mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-02-01 03:48:17 +00:00
Compare commits
15 Commits
guacamole
...
fix-etcd-s
| Author | SHA1 | Date | |
|---|---|---|---|
|
9ac7938a74 | ||
|
|
cd0be9132a | ||
|
|
0f312d5cd0 | ||
|
|
e3ccfa3d6d | ||
|
|
0d3b8fc6ff | ||
|
|
2a4768a52f | ||
|
|
320fc32f7b | ||
|
|
fab5940b12 | ||
|
|
4b84798f00 | ||
|
|
b3ee563e23 | ||
|
|
06e79cd4dd | ||
|
|
14a8a34ee2 | ||
|
|
240a82f388 | ||
|
|
a55630db5d | ||
|
|
e8eb5fd397 |
3
Makefile
3
Makefile
@@ -2,6 +2,9 @@
|
||||
|
||||
build:
|
||||
make -C packages/apps/http-cache image
|
||||
make -C packages/apps/postgres image
|
||||
make -C packages/apps/mysql image
|
||||
make -C packages/apps/clickhouse image
|
||||
make -C packages/apps/kubernetes image
|
||||
make -C packages/system/cilium image
|
||||
make -C packages/system/kubeovn image
|
||||
|
||||
@@ -68,7 +68,7 @@ spec:
|
||||
serviceAccountName: cozystack
|
||||
containers:
|
||||
- name: cozystack
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.14.1"
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.15.0"
|
||||
env:
|
||||
- name: KUBERNETES_SERVICE_HOST
|
||||
value: localhost
|
||||
@@ -87,7 +87,7 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: darkhttpd
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.14.1"
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.15.0"
|
||||
command:
|
||||
- /usr/bin/darkhttpd
|
||||
- /cozystack/assets
|
||||
|
||||
@@ -16,7 +16,7 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.4.0
|
||||
version: 0.5.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
||||
@@ -1,4 +1,20 @@
|
||||
CLICKHOUSE_BACKUP_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
|
||||
|
||||
include ../../../scripts/common-envs.mk
|
||||
include ../../../scripts/package.mk
|
||||
|
||||
generate:
|
||||
readme-generator -v values.yaml -s values.schema.json -r README.md
|
||||
|
||||
image:
|
||||
docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/clickhouse-backup \
|
||||
--provenance false \
|
||||
--tag $(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG)) \
|
||||
--cache-from type=registry,ref=$(REGISTRY)/clickhouse-backup:latest \
|
||||
--cache-to type=inline \
|
||||
--metadata-file images/clickhouse-backup.json \
|
||||
--push=$(PUSH) \
|
||||
--load=$(LOAD)
|
||||
echo "$(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/clickhouse-backup.json -o json -r)" \
|
||||
> images/clickhouse-backup.tag
|
||||
rm -f images/clickhouse-backup.json
|
||||
|
||||
@@ -1,5 +1,20 @@
|
||||
# Managed Clickhouse Service
|
||||
|
||||
### How to restore backup:
|
||||
|
||||
find snapshot:
|
||||
```
|
||||
restic -r s3:s3.example.org/clickhouse-backups/table_name snapshots
|
||||
```
|
||||
|
||||
restore:
|
||||
```
|
||||
restic -r s3:s3.example.org/clickhouse-backups/table_name restore latest --target /tmp/
|
||||
```
|
||||
|
||||
more details:
|
||||
- https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1
|
||||
|
||||
## Parameters
|
||||
|
||||
### Common parameters
|
||||
@@ -16,3 +31,16 @@
|
||||
| Name | Description | Value |
|
||||
| ------- | ------------------- | ----- |
|
||||
| `users` | Users configuration | `{}` |
|
||||
|
||||
### Backup parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
|
||||
| `backup.enabled` | Enable pereiodic backups | `false` |
|
||||
| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
|
||||
| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/clickhouse-backups` |
|
||||
| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
|
||||
| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
|
||||
| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
|
||||
| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
|
||||
| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
|
||||
|
||||
1
packages/apps/clickhouse/images/clickhouse-backup.tag
Normal file
1
packages/apps/clickhouse/images/clickhouse-backup.tag
Normal file
@@ -0,0 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/clickhouse-backup:0.5.0@sha256:dda84420cb8648721299221268a00d72a05c7af5b7fb452619bac727068b9e61
|
||||
@@ -0,0 +1,2 @@
|
||||
FROM clickhouse/clickhouse-server:24.8.4-alpine
|
||||
RUN apk add --no-cache restic uuidgen
|
||||
95
packages/apps/clickhouse/templates/backup-cronjob.yaml
Normal file
95
packages/apps/clickhouse/templates/backup-cronjob.yaml
Normal file
@@ -0,0 +1,95 @@
|
||||
{{- if .Values.backup.enabled }}
|
||||
{{ $image := .Files.Get "images/backup.json" | fromJson }}
|
||||
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-backup
|
||||
spec:
|
||||
schedule: "{{ .Values.backup.schedule }}"
|
||||
concurrencyPolicy: Forbid
|
||||
successfulJobsHistoryLimit: 3
|
||||
failedJobsHistoryLimit: 3
|
||||
jobTemplate:
|
||||
spec:
|
||||
backoffLimit: 2
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/backup-script.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/backup-secret.yaml") . | sha256sum }}
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: {{ .Release.Name }}-regsecret
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: clickhouse-backup
|
||||
image: "{{ $.Files.Get "images/clickhouse-backup.tag" | trim }}"
|
||||
command:
|
||||
- /bin/sh
|
||||
- -x
|
||||
- /scripts/backup.sh
|
||||
env:
|
||||
- name: REPO_PREFIX
|
||||
value: {{ required "s3Bucket is not specified!" .Values.backup.s3Bucket | quote }}
|
||||
- name: CLEANUP_STRATEGY
|
||||
value: {{ required "cleanupPolicy is not specified!" .Values.backup.cleanupStrategy | quote }}
|
||||
- name: CLICKHOUSE_USER
|
||||
value: backup
|
||||
- name: CLICKHOUSE_HOST
|
||||
value: chi-{{ .Release.Name }}-clickhouse-0-0
|
||||
- name: CLICKHOUSE_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Release.Name }}-credentials
|
||||
key: backup
|
||||
- name: AWS_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Release.Name }}-backup
|
||||
key: s3AccessKey
|
||||
- name: AWS_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Release.Name }}-backup
|
||||
key: s3SecretKey
|
||||
- name: AWS_DEFAULT_REGION
|
||||
value: {{ .Values.backup.s3Region }}
|
||||
- name: RESTIC_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Release.Name }}-backup
|
||||
key: resticPassword
|
||||
volumeMounts:
|
||||
- mountPath: /scripts
|
||||
name: scripts
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /.cache
|
||||
name: cache
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
volumes:
|
||||
- name: scripts
|
||||
secret:
|
||||
secretName: {{ .Release.Name }}-backup-script
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
- name: cache
|
||||
emptyDir: {}
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 9000
|
||||
runAsGroup: 9000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
55
packages/apps/clickhouse/templates/backup-script.yaml
Normal file
55
packages/apps/clickhouse/templates/backup-script.yaml
Normal file
@@ -0,0 +1,55 @@
|
||||
{{- if .Values.backup.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-backup-script
|
||||
stringData:
|
||||
backup.sh: |
|
||||
#!/bin/sh
|
||||
set -e
|
||||
set -o pipefail
|
||||
|
||||
JOB_ID="job-$(uuidgen|cut -f1 -d-)"
|
||||
TABLE_LIST=$(clickhouse-client --host "$CLICKHOUSE_HOST" -q 'SHOW TABLES;' | grep -v '^.inner.' || true)
|
||||
echo DB_LIST=$(echo "$TABLE_LIST" | shuf) # shuffle list
|
||||
echo "Job ID: $JOB_ID"
|
||||
echo "Target repo: $REPO_PREFIX"
|
||||
echo "Cleanup strategy: $CLEANUP_STRATEGY"
|
||||
echo "Start backup for:"
|
||||
echo "$TABLE_LIST"
|
||||
echo
|
||||
echo "Backup started at `date +%Y-%m-%d\ %H:%M:%S`"
|
||||
for table in $TABLE_LIST; do
|
||||
(
|
||||
set -x
|
||||
restic -r "s3:${REPO_PREFIX}/$table" cat config >/dev/null 2>&1 || \
|
||||
restic -r "s3:${REPO_PREFIX}/$table" init --repository-version 2
|
||||
restic -r "s3:${REPO_PREFIX}/$table" unlock --remove-all >/dev/null 2>&1 || true # no locks, k8s takes care of it
|
||||
clickhouse-client --host "$CLICKHOUSE_HOST" -q "SHOW CREATE TABLE ${table}" | awk '{gsub(/\\n/, "\n")} {gsub(/\\'\''/, "'\''")} 1' | \
|
||||
restic -r "s3:${REPO_PREFIX}/$table" backup --tag "$JOB_ID" --tag index --stdin --stdin-filename index.sql
|
||||
clickhouse-client --host "$CLICKHOUSE_HOST" -q "SELECT * FROM ${table} FORMAT TabSeparated" | \
|
||||
restic -r "s3:${REPO_PREFIX}/$table" backup --tag "$JOB_ID" --tag data --stdin --stdin-filename data.tsv
|
||||
restic -r "s3:${REPO_PREFIX}/$table" tag --tag "$JOB_ID" --set "completed"
|
||||
)
|
||||
done
|
||||
echo "Backup finished at `date +%Y-%m-%d\ %H:%M:%S`"
|
||||
|
||||
echo
|
||||
echo "Run cleanup:"
|
||||
echo
|
||||
|
||||
echo "Cleanup started at `date +%Y-%m-%d\ %H:%M:%S`"
|
||||
for db in $DB_LIST; do
|
||||
(
|
||||
set -x
|
||||
# keep completed snapshots only
|
||||
restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags --keep-tag "completed" --tag index
|
||||
restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags --keep-tag "completed" --tag data
|
||||
restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags $CLEANUP_STRATEGY --tag index
|
||||
restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags $CLEANUP_STRATEGY --tag data
|
||||
restic prune -r "s3:${REPO_PREFIX}/$db"
|
||||
)
|
||||
done
|
||||
echo "Cleanup finished at `date +%Y-%m-%d\ %H:%M:%S`"
|
||||
{{- end }}
|
||||
11
packages/apps/clickhouse/templates/backup-secret.yaml
Normal file
11
packages/apps/clickhouse/templates/backup-secret.yaml
Normal file
@@ -0,0 +1,11 @@
|
||||
{{- if .Values.backup.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-backup
|
||||
stringData:
|
||||
s3AccessKey: {{ required "s3AccessKey is not specified!" .Values.backup.s3AccessKey }}
|
||||
s3SecretKey: {{ required "s3SecretKey is not specified!" .Values.backup.s3SecretKey }}
|
||||
resticPassword: {{ required "resticPassword is not specified!" .Values.backup.resticPassword }}
|
||||
{{- end }}
|
||||
@@ -1,5 +1,7 @@
|
||||
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
|
||||
{{- $passwords := dict }}
|
||||
{{- $users := .Values.users }}
|
||||
{{- $_ := set $users "backup" dict }}
|
||||
|
||||
{{- with (index $existingSecret "data") }}
|
||||
{{- range $k, $v := . }}
|
||||
@@ -7,7 +9,7 @@
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- range $user, $u := .Values.users }}
|
||||
{{- range $user, $u := $users }}
|
||||
{{- if $u.password }}
|
||||
{{- $_ := set $passwords $user $u.password }}
|
||||
{{- else if not (index $passwords $user) }}
|
||||
@@ -15,7 +17,6 @@
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.users }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
@@ -24,7 +25,6 @@ stringData:
|
||||
{{- range $user, $u := .Values.users }}
|
||||
{{ quote $user }}: {{ quote (index $passwords $user) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: "clickhouse.altinity.com/v1"
|
||||
@@ -38,7 +38,7 @@ spec:
|
||||
dataVolumeClaimTemplate: data-volume-template
|
||||
{{- end }}
|
||||
configuration:
|
||||
{{- with .Values.users }}
|
||||
{{- with $users }}
|
||||
users:
|
||||
{{- range $name, $u := . }}
|
||||
{{ $name }}/password_sha256_hex: {{ sha256sum (index $passwords $name) }}
|
||||
|
||||
@@ -21,6 +21,51 @@
|
||||
"type": "string",
|
||||
"description": "StorageClass used to store the data",
|
||||
"default": ""
|
||||
},
|
||||
"backup": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable pereiodic backups",
|
||||
"default": false
|
||||
},
|
||||
"s3Region": {
|
||||
"type": "string",
|
||||
"description": "The AWS S3 region where backups are stored",
|
||||
"default": "us-east-1"
|
||||
},
|
||||
"s3Bucket": {
|
||||
"type": "string",
|
||||
"description": "The S3 bucket used for storing backups",
|
||||
"default": "s3.example.org/clickhouse-backups"
|
||||
},
|
||||
"schedule": {
|
||||
"type": "string",
|
||||
"description": "Cron schedule for automated backups",
|
||||
"default": "0 2 * * *"
|
||||
},
|
||||
"cleanupStrategy": {
|
||||
"type": "string",
|
||||
"description": "The strategy for cleaning up old backups",
|
||||
"default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
|
||||
},
|
||||
"s3AccessKey": {
|
||||
"type": "string",
|
||||
"description": "The access key for S3, used for authentication",
|
||||
"default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu"
|
||||
},
|
||||
"s3SecretKey": {
|
||||
"type": "string",
|
||||
"description": "The secret key for S3, used for authentication",
|
||||
"default": "ju3eum4dekeich9ahM1te8waeGai0oog"
|
||||
},
|
||||
"resticPassword": {
|
||||
"type": "string",
|
||||
"description": "The password for Restic backup encryption",
|
||||
"default": "ChaXoveekoh6eigh4siesheeda2quai0"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -22,3 +22,23 @@ storageClass: ""
|
||||
## password: hackme
|
||||
##
|
||||
users: {}
|
||||
|
||||
## @section Backup parameters
|
||||
|
||||
## @param backup.enabled Enable pereiodic backups
|
||||
## @param backup.s3Region The AWS S3 region where backups are stored
|
||||
## @param backup.s3Bucket The S3 bucket used for storing backups
|
||||
## @param backup.schedule Cron schedule for automated backups
|
||||
## @param backup.cleanupStrategy The strategy for cleaning up old backups
|
||||
## @param backup.s3AccessKey The access key for S3, used for authentication
|
||||
## @param backup.s3SecretKey The secret key for S3, used for authentication
|
||||
## @param backup.resticPassword The password for Restic backup encryption
|
||||
backup:
|
||||
enabled: false
|
||||
s3Region: us-east-1
|
||||
s3Bucket: s3.example.org/clickhouse-backups
|
||||
schedule: "0 2 * * *"
|
||||
cleanupStrategy: "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
|
||||
s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
|
||||
s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
|
||||
resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
|
||||
|
||||
1
packages/apps/ferretdb/images/postgres-backup.tag
Normal file
1
packages/apps/ferretdb/images/postgres-backup.tag
Normal file
@@ -0,0 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/postgres-backup:0.6.2@sha256:d2015c6dba92293bda652d055e97d1be80e8414c2dc78037c12812d1a2e2cba1
|
||||
@@ -24,8 +24,8 @@ spec:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: mysqldump
|
||||
image: "{{ index $image "image.name" }}@{{ index $image "containerimage.digest" }}"
|
||||
- name: pgdump
|
||||
image: "{{ $.Files.Get "images/postgres-backup.tag" | trim }}"
|
||||
command:
|
||||
- /bin/sh
|
||||
- /scripts/backup.sh
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: http-cache
|
||||
description: Layer7 load balacner and caching service
|
||||
description: Layer7 load balancer and caching service
|
||||
icon: /logos/nginx.svg
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
@@ -16,7 +16,7 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.3.0
|
||||
version: 0.3.1
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
NGINX_CACHE_TAG = v0.1.0
|
||||
NGINX_CACHE_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
|
||||
|
||||
include ../../../scripts/common-envs.mk
|
||||
include ../../../scripts/package.mk
|
||||
@@ -9,7 +9,6 @@ image-nginx:
|
||||
docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/nginx-cache \
|
||||
--provenance false \
|
||||
--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)) \
|
||||
--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)-$(TAG)) \
|
||||
--cache-from type=registry,ref=$(REGISTRY)/nginx-cache:latest \
|
||||
--cache-to type=inline \
|
||||
--metadata-file images/nginx-cache.json \
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/nginx-cache:v0.1.0@sha256:556bc8d29ee9e90b3d64d0481dcfc66483d055803315bba3d9ece17c0d97f32b
|
||||
ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:556bc8d29ee9e90b3d64d0481dcfc66483d055803315bba3d9ece17c0d97f32b
|
||||
|
||||
@@ -16,7 +16,7 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.5.0
|
||||
version: 0.5.1
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
||||
@@ -1,4 +1,20 @@
|
||||
MARIADB_BACKUP_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
|
||||
|
||||
include ../../../scripts/common-envs.mk
|
||||
include ../../../scripts/package.mk
|
||||
|
||||
generate:
|
||||
readme-generator -v values.yaml -s values.schema.json -r README.md
|
||||
|
||||
image:
|
||||
docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/mariadb-backup \
|
||||
--provenance false \
|
||||
--tag $(REGISTRY)/mariadb-backup:$(call settag,$(MARIADB_BACKUP_TAG)) \
|
||||
--cache-from type=registry,ref=$(REGISTRY)/mariadb-backup:latest \
|
||||
--cache-to type=inline \
|
||||
--metadata-file images/mariadb-backup.json \
|
||||
--push=$(PUSH) \
|
||||
--load=$(LOAD)
|
||||
echo "$(REGISTRY)/mariadb-backup:$(call settag,$(MARIADB_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/mariadb-backup.json -o json -r)" \
|
||||
> images/mariadb-backup.tag
|
||||
rm -f images/mariadb-backup.json
|
||||
|
||||
1
packages/apps/mysql/images/mariadb-backup.tag
Normal file
1
packages/apps/mysql/images/mariadb-backup.tag
Normal file
@@ -0,0 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.1@sha256:fa2b3195521cffa55eb6d71a50b875d3c234a45e5dff71b2b9002674175bea93
|
||||
2
packages/apps/mysql/images/mariadb-backup/Dockerfile
Normal file
2
packages/apps/mysql/images/mariadb-backup/Dockerfile
Normal file
@@ -0,0 +1,2 @@
|
||||
FROM alpine:3.20
|
||||
RUN apk add --no-cache mariadb-client uuidgen restic
|
||||
@@ -27,7 +27,7 @@ spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: mysqldump
|
||||
image: "{{ index $image "image.name" }}@{{ index $image "containerimage.digest" }}"
|
||||
image: "{{ $.Files.Get "images/mariadb-backup.tag" | trim }}"
|
||||
command:
|
||||
- /bin/sh
|
||||
- /scripts/backup.sh
|
||||
|
||||
@@ -16,7 +16,7 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.6.0
|
||||
version: 0.6.2
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
||||
@@ -1,4 +1,21 @@
|
||||
POSTGRES_BACKUP_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
|
||||
|
||||
include ../../../scripts/common-envs.mk
|
||||
include ../../../scripts/package.mk
|
||||
|
||||
generate:
|
||||
readme-generator -v values.yaml -s values.schema.json -r README.md
|
||||
|
||||
image:
|
||||
docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/postgres-backup \
|
||||
--provenance false \
|
||||
--tag $(REGISTRY)/postgres-backup:$(call settag,$(POSTGRES_BACKUP_TAG)) \
|
||||
--cache-from type=registry,ref=$(REGISTRY)/postgres-backup:latest \
|
||||
--cache-to type=inline \
|
||||
--metadata-file images/postgres-backup.json \
|
||||
--push=$(PUSH) \
|
||||
--load=$(LOAD)
|
||||
echo "$(REGISTRY)/postgres-backup:$(call settag,$(POSTGRES_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/postgres-backup.json -o json -r)" \
|
||||
> images/postgres-backup.tag
|
||||
cp images/postgres-backup.tag ../ferretdb/images/
|
||||
rm -f images/postgres-backup.json
|
||||
|
||||
1
packages/apps/postgres/images/postgres-backup.tag
Normal file
1
packages/apps/postgres/images/postgres-backup.tag
Normal file
@@ -0,0 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/postgres-backup:0.6.2@sha256:d2015c6dba92293bda652d055e97d1be80e8414c2dc78037c12812d1a2e2cba1
|
||||
2
packages/apps/postgres/images/postgres-backup/Dockerfile
Normal file
2
packages/apps/postgres/images/postgres-backup/Dockerfile
Normal file
@@ -0,0 +1,2 @@
|
||||
FROM alpine:3.20
|
||||
RUN apk add --no-cache postgresql16-client uuidgen restic
|
||||
@@ -26,8 +26,8 @@ spec:
|
||||
- name: {{ .Release.Name }}-regsecret
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: mysqldump
|
||||
image: "{{ index $image "image.name" }}@{{ index $image "containerimage.digest" }}"
|
||||
- name: pgdump
|
||||
image: "{{ $.Files.Get "images/postgres-backup.tag" | trim }}"
|
||||
command:
|
||||
- /bin/sh
|
||||
- /scripts/backup.sh
|
||||
|
||||
@@ -83,6 +83,21 @@ spec:
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.ingress }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumClusterwideNetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "tenant.name" . }}-ingress-ingress
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
"k8s:io.kubernetes.pod.namespace": "{{ include "tenant.name" . }}"
|
||||
cozystack.io/service: ingress
|
||||
ingress:
|
||||
- fromEndpoints:
|
||||
- {}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.etcd }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumClusterwideNetworkPolicy
|
||||
|
||||
@@ -3,7 +3,8 @@ clickhouse 0.1.0 ca79f72
|
||||
clickhouse 0.2.0 7cd7de73
|
||||
clickhouse 0.2.1 5ca8823
|
||||
clickhouse 0.3.0 b00621e
|
||||
clickhouse 0.4.0 HEAD
|
||||
clickhouse 0.4.0 320fc32
|
||||
clickhouse 0.5.0 HEAD
|
||||
ferretdb 0.1.0 4ffa8615
|
||||
ferretdb 0.1.1 5ca8823
|
||||
ferretdb 0.2.0 adaf603
|
||||
@@ -11,7 +12,8 @@ ferretdb 0.3.0 aa2f553
|
||||
ferretdb 0.4.0 HEAD
|
||||
http-cache 0.1.0 a956713
|
||||
http-cache 0.2.0 5ca8823
|
||||
http-cache 0.3.0 HEAD
|
||||
http-cache 0.3.0 fab5940
|
||||
http-cache 0.3.1 HEAD
|
||||
kafka 0.1.0 760f86d2
|
||||
kafka 0.2.0 a2cc83d
|
||||
kafka 0.2.1 3ac17018
|
||||
@@ -34,7 +36,8 @@ mysql 0.1.0 f642698
|
||||
mysql 0.2.0 8b975ff0
|
||||
mysql 0.3.0 5ca8823
|
||||
mysql 0.4.0 93018c4
|
||||
mysql 0.5.0 HEAD
|
||||
mysql 0.5.0 4b84798
|
||||
mysql 0.5.1 HEAD
|
||||
nats 0.1.0 5ca8823
|
||||
nats 0.2.0 HEAD
|
||||
postgres 0.1.0 f642698
|
||||
@@ -44,7 +47,8 @@ postgres 0.3.0 995dea6f
|
||||
postgres 0.4.0 ec283c33
|
||||
postgres 0.4.1 5ca8823
|
||||
postgres 0.5.0 c07c4bbd
|
||||
postgres 0.6.0 HEAD
|
||||
postgres 0.6.0 2a4768a
|
||||
postgres 0.6.2 HEAD
|
||||
rabbitmq 0.1.0 f642698
|
||||
rabbitmq 0.2.0 5ca8823
|
||||
rabbitmq 0.3.0 9e33dc0
|
||||
|
||||
@@ -54,9 +54,9 @@ image-matchbox:
|
||||
--load=$(LOAD)
|
||||
rm -f images/matchbox.json
|
||||
|
||||
assets: talos-iso talos-nocloud
|
||||
assets: talos-iso talos-nocloud talos-metal
|
||||
|
||||
talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud:
|
||||
talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal:
|
||||
mkdir -p ../../../_out/assets
|
||||
cat images/talos/profiles/$(subst talos-,,$@).yaml | \
|
||||
docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
set -e
|
||||
set -u
|
||||
|
||||
PROFILES="initramfs kernel iso installer nocloud"
|
||||
PROFILES="initramfs kernel iso installer nocloud metal"
|
||||
FIRMWARES="amd-ucode amdgpu-firmware bnx2-bnx2x i915-ucode intel-ice-firmware intel-ucode qlogic-firmware"
|
||||
EXTENSIONS="drbd zfs"
|
||||
|
||||
@@ -32,10 +32,10 @@ done
|
||||
|
||||
for profile in $PROFILES; do
|
||||
echo "writing profile images/talos/profiles/$profile.yaml"
|
||||
if [ "$profile" = "nocloud" ]; then
|
||||
if [ "$profile" = "nocloud" ] || [ "$profile" = "metal" ]; then
|
||||
image_options="{ diskSize: 1306525696, diskFormat: raw }"
|
||||
out_format=".xz"
|
||||
platform="nocloud"
|
||||
platform="$profile"
|
||||
kind="image"
|
||||
else
|
||||
image_options="{}"
|
||||
|
||||
@@ -12,13 +12,13 @@ input:
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.7.6
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
|
||||
output:
|
||||
|
||||
@@ -12,13 +12,13 @@ input:
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.7.6
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
|
||||
output:
|
||||
|
||||
@@ -12,13 +12,13 @@ input:
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.7.6
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
|
||||
output:
|
||||
|
||||
@@ -12,13 +12,13 @@ input:
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.7.6
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
|
||||
output:
|
||||
|
||||
27
packages/core/installer/images/talos/profiles/metal.yaml
Normal file
27
packages/core/installer/images/talos/profiles/metal.yaml
Normal file
@@ -0,0 +1,27 @@
|
||||
# this file generated by hack/gen-profiles.sh
|
||||
# do not edit it
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.7.6
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.7.6
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
|
||||
output:
|
||||
kind: image
|
||||
imageOptions: { diskSize: 1306525696, diskFormat: raw }
|
||||
outFormat: .xz
|
||||
@@ -12,13 +12,13 @@ input:
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.7.6
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
|
||||
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
|
||||
output:
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystack:
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack:v0.14.1@sha256:13c318a7946696933a2c190a59e1fa3df352a70a95ef341e3a5632226e338f1c
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack:v0.15.0@sha256:aeff26a80f84b4323578e613b3bf03caa842d617ec8d9ca98706867c1e70609f
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
e2e:
|
||||
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.14.1@sha256:be1693c8ce6a9522499f79b1e42b2e08c7ca80405026a095299e5e990a3ab791
|
||||
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.15.0@sha256:20cc84e4a11db31434881355c070113a7823501a28a6114ca02830b18607ad21
|
||||
|
||||
@@ -33,11 +33,11 @@ kubeapps:
|
||||
image:
|
||||
registry: ghcr.io/aenix-io/cozystack
|
||||
repository: dashboard
|
||||
tag: v0.14.1
|
||||
tag: v0.15.0
|
||||
digest: "sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb"
|
||||
kubeappsapis:
|
||||
image:
|
||||
registry: ghcr.io/aenix-io/cozystack
|
||||
repository: kubeapps-apis
|
||||
tag: v0.14.1
|
||||
digest: "sha256:ab354ee85da5dfdb5943893d71805e8d9f8085ad9957c9b286df7dcee3b9d220"
|
||||
tag: v0.15.0
|
||||
digest: "sha256:70c095c8f7e3ecfa11433a3a2c8f57f6ff5a0053f006939a2c171c180cc50baf"
|
||||
|
||||
@@ -73,6 +73,7 @@ rules:
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- etcd.aenix.io
|
||||
resources:
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
update:
|
||||
rm -rf charts
|
||||
helm repo add beryju https://charts.beryju.io
|
||||
helm repo update beryju
|
||||
helm pull beryju/guacamole --untar --untardir charts
|
||||
@@ -1,23 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
README.md.gotmpl
|
||||
@@ -1,14 +0,0 @@
|
||||
apiVersion: v1
|
||||
appVersion: 1.5.5
|
||||
description: Apache Guacamole is a clientless remote desktop gateway. It supports
|
||||
standard protocols like VNC, RDP, and SSH.
|
||||
icon: http://guacamole.apache.org/images/guacamole-logo-64.png
|
||||
maintainers:
|
||||
- email: helm@gavinmogan.com
|
||||
name: Gavin Mogan
|
||||
- email: jens@beryju.org
|
||||
name: Jens Langhammer
|
||||
name: guacamole
|
||||
sources:
|
||||
- http://guacamole.apache.org/
|
||||
version: 1.4.1
|
||||
@@ -1,84 +0,0 @@
|
||||
guacamole
|
||||
=========
|
||||
|
||||
## TL;DR;
|
||||
|
||||
```console
|
||||
$ helm repo add beryju https://charts.beryju.io
|
||||
$ helm install guacamole beryju/guacamole
|
||||
```
|
||||
|
||||
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
|
||||
|
||||
This is a fork of https://artifacthub.io/packages/helm/halkeye/guacamole, but updated to support newer versions and more settings.
|
||||
|
||||
### Dependencies
|
||||
|
||||
This chart has a dependency on ``postgresql`` to be up and running _before_ this chart is deployed. The init-container will not fail if the ``postgresql`` service is not found.
|
||||
|
||||
Sample ``postgresql`` install which works with the defaults of this chart:
|
||||
```console
|
||||
helm install postgresql bitnami/postgresql \
|
||||
--set auth.username=guacamole \
|
||||
--set auth.password=password \
|
||||
--set auth.postgresPassword=password \
|
||||
--set auth.database=guacamole --wait
|
||||
```
|
||||
|
||||
## Changelog
|
||||
|
||||
1.3.3 - Fixed ingress api and documented postgresql dependency
|
||||
|
||||
1.2.3 - Make guacamole run in ROOT context
|
||||
|
||||
0.2.3 - Add support for custom envs
|
||||
|
||||
0.2.2 - Update liveness and readiness probe path
|
||||
|
||||
0.2.1 - helm-docs doesn't add a tl;dr section, so add it manually
|
||||
|
||||
0.2.0 - Apparently I didn't actually use it before, i was running an old copy
|
||||
|
||||
* Fixed services to expose the ports properly
|
||||
* Auto create the db on init if possible
|
||||
|
||||
|
||||
|
||||
## Chart Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| affinity | object | `{}` | |
|
||||
| dbcreation.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| dbcreation.image.repository | string | `"bitnami/postgresql"` | |
|
||||
| dbcreation.image.tag | string | `"11.7.0-debian-10-r9"` | |
|
||||
| fullnameOverride | string | `""` | |
|
||||
| guacamole.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| guacamole.image.repository | string | `"guacamole/guacamole"` | |
|
||||
| guacamole.image.tag | string | `"{{ .Chart.AppVersion }}"` | |
|
||||
| guacd.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| guacd.image.repository | string | `"guacamole/guacd"` | |
|
||||
| guacd.image.tag | string | `"{{ .Chart.AppVersion }}"` | |
|
||||
| imagePullSecrets | list | `[]` | |
|
||||
| ingress.annotations | object | `{}` | |
|
||||
| ingress.enabled | bool | `false` | |
|
||||
| ingress.hosts[0].host | string | `"chart-example.local"` | |
|
||||
| ingress.hosts[0].paths | list | `[]` | |
|
||||
| ingress.tls | list | `[]` | |
|
||||
| nameOverride | string | `""` | |
|
||||
| nodeSelector | object | `{}` | |
|
||||
| podSecurityContext | object | `{}` | |
|
||||
| postgres.database | string | `"guacamole"` | |
|
||||
| postgres.hostname | string | `"postgresql"` | |
|
||||
| postgres.password | string | `"password"` | |
|
||||
| postgres.port | string | `"5432"` | |
|
||||
| postgres.user | string | `"guacamole"` | |
|
||||
| replicaCount | int | `1` | |
|
||||
| resources | object | `{}` | |
|
||||
| securityContext | object | `{}` | |
|
||||
| service.port | int | `80` | |
|
||||
| service.type | string | `"ClusterIP"` | |
|
||||
| serviceAccount.create | bool | `true` | |
|
||||
| serviceAccount.name | string | `nil` | |
|
||||
| tolerations | list | `[]` | |
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
1. Get the application URL by running these commands:
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- range $host := .Values.ingress.hosts }}
|
||||
{{- range .paths }}
|
||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else if contains "NodePort" .Values.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "guacamole.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "guacamole.fullname" . }}'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "guacamole.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
|
||||
echo http://$SERVICE_IP:{{ .Values.service.port }}
|
||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "guacamole.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
echo "Visit http://127.0.0.1:8080 to use your application"
|
||||
kubectl port-forward $POD_NAME 8080:80
|
||||
{{- end }}
|
||||
@@ -1,56 +0,0 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "guacamole.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "guacamole.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "guacamole.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "guacamole.labels" -}}
|
||||
app.kubernetes.io/name: {{ include "guacamole.name" . }}
|
||||
helm.sh/chart: {{ include "guacamole.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "guacamole.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "guacamole.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,186 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "guacamole.fullname" . }}-guacamole
|
||||
labels:
|
||||
{{ include "guacamole.labels" . | indent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ include "guacamole.name" . }}-guacamole
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "guacamole.name" . }}-guacamole
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
{{- with .Values.guacamole.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
dnsConfig:
|
||||
options:
|
||||
- name: ndots
|
||||
value: "1"
|
||||
serviceAccountName: {{ template "guacamole.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
initContainers:
|
||||
- name: create-init-db
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.guacamole.image.repository }}:{{ tpl .Values.guacamole.image.tag . }}"
|
||||
imagePullPolicy: {{ .Values.guacamole.image.pullPolicy }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ include "guacamole.fullname" . }}
|
||||
env:
|
||||
- name: POSTGRES_HOSTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: host
|
||||
- name: POSTGRES_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: port
|
||||
- name: POSTGRES_DATABASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: dbname
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: user
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: password
|
||||
volumeMounts:
|
||||
- name: initdb
|
||||
mountPath: /data
|
||||
command: ["/bin/sh"]
|
||||
args:
|
||||
- -c
|
||||
- |
|
||||
/opt/guacamole/bin/initdb.sh --postgresql > /data/initdb.sql
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
- name: loaddb
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.dbcreation.image.repository }}:{{ .Values.dbcreation.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.dbcreation.image.pullPolicy }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ include "guacamole.fullname" . }}
|
||||
env:
|
||||
- name: POSTGRES_HOSTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: host
|
||||
- name: POSTGRES_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: port
|
||||
- name: POSTGRES_DATABASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: dbname
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: user
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: password
|
||||
|
||||
volumeMounts:
|
||||
- name: initdb
|
||||
mountPath: /data
|
||||
command: ["/bin/sh"]
|
||||
args:
|
||||
- -c
|
||||
- |
|
||||
export PGPASSWORD=$POSTGRES_PASSWORD
|
||||
# most likely already created, so don't fail, just log and move on
|
||||
psql -h $POSTGRES_HOSTNAME -d $POSTGRES_DATABASE -U $POSTGRES_USER -p $POSTGRES_PORT -a -w -f /data/initdb.sql || true
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.guacamole.image.repository }}:{{ tpl .Values.guacamole.image.tag . }}"
|
||||
imagePullPolicy: {{ .Values.guacamole.image.pullPolicy }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ include "guacamole.fullname" . }}
|
||||
env:
|
||||
- name: POSTGRES_HOSTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: host
|
||||
- name: POSTGRES_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: port
|
||||
- name: POSTGRES_DATABASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: dbname
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: user
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: guacamole-db-app
|
||||
key: password
|
||||
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: initdb
|
||||
emptyDir: {}
|
||||
@@ -1,57 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "guacamole.fullname" . }}-guacd
|
||||
labels:
|
||||
{{ include "guacamole.labels" . | indent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ include "guacamole.name" . }}-guacd
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "guacamole.name" . }}-guacd
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
{{- with .Values.guacd.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
dnsConfig:
|
||||
options:
|
||||
- name: ndots
|
||||
value: "1"
|
||||
serviceAccountName: {{ template "guacamole.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.guacd.image.repository }}:{{ tpl .Values.guacd.image.tag . }}"
|
||||
imagePullPolicy: {{ .Values.guacd.image.pullPolicy }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ include "guacamole.fullname" . }}
|
||||
ports:
|
||||
- name: guacd
|
||||
containerPort: 4822
|
||||
protocol: TCP
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,43 +0,0 @@
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "guacamole.fullname" . -}}
|
||||
{{- $svcPort := .Values.service.port -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
labels:
|
||||
{{ include "guacamole.labels" . | indent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.ingress.className }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ . }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $fullName }}-guacamole
|
||||
port:
|
||||
number: {{ $svcPort }}
|
||||
pathType: Prefix
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,14 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "guacamole.fullname" . }}
|
||||
labels:
|
||||
{{ include "guacamole.labels" . | indent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
GUACD_HOSTNAME: {{ printf "%s-%s" (include "guacamole.name" .) "guacd" | b64enc | quote }}
|
||||
GUACD_PORT: {{ "4822" | b64enc | quote }}
|
||||
WEBAPP_CONTEXT: {{ "ROOT" | b64enc | quote }}
|
||||
{{- range $key, $value := .Values.guacamole.settings }}
|
||||
{{ $key }}: {{ $value | b64enc | quote }}
|
||||
{{- end }}
|
||||
@@ -1,16 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "guacamole.fullname" . }}-guacamole
|
||||
labels:
|
||||
{{ include "guacamole.labels" . | indent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app.kubernetes.io/name: {{ include "guacamole.name" . }}-guacamole
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
@@ -1,16 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "guacamole.fullname" . }}-guacd
|
||||
labels:
|
||||
{{ include "guacamole.labels" . | indent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: 4822
|
||||
targetPort: guacd
|
||||
protocol: TCP
|
||||
name: guacd
|
||||
selector:
|
||||
app.kubernetes.io/name: {{ include "guacamole.name" . }}-guacd
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
@@ -1,8 +0,0 @@
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "guacamole.serviceAccountName" . }}
|
||||
labels:
|
||||
{{ include "guacamole.labels" . | indent 4 }}
|
||||
{{- end -}}
|
||||
@@ -1,15 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: "{{ include "guacamole.fullname" . }}-test-connection"
|
||||
labels:
|
||||
{{ include "guacamole.labels" . | indent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
containers:
|
||||
- name: wget
|
||||
image: busybox
|
||||
command: ['wget']
|
||||
args: ['{{ include "guacamole.fullname" . }}:{{ .Values.service.port }}']
|
||||
restartPolicy: Never
|
||||
@@ -1,94 +0,0 @@
|
||||
# Default values for guacamole.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
guacamole:
|
||||
image:
|
||||
repository: guacamole/guacamole
|
||||
tag: "{{ .Chart.AppVersion }}"
|
||||
pullPolicy: IfNotPresent
|
||||
# Key-value settings directly passed as environment variables
|
||||
settings: {}
|
||||
|
||||
guacd:
|
||||
image:
|
||||
repository: guacamole/guacd
|
||||
tag: "{{ .Chart.AppVersion }}"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
dbcreation:
|
||||
image:
|
||||
repository: bitnami/postgresql
|
||||
tag: 14.3.0-debian-10-r9
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a service account should be created
|
||||
create: true
|
||||
# The name of the service account to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name:
|
||||
|
||||
podSecurityContext:
|
||||
{}
|
||||
# fsGroup: 2000
|
||||
|
||||
securityContext:
|
||||
{}
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
className: null
|
||||
annotations:
|
||||
{}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
hosts:
|
||||
- host: chart-example.local
|
||||
paths: []
|
||||
|
||||
tls: []
|
||||
# - secretName: chart-example-tls
|
||||
# hosts:
|
||||
# - chart-example.local
|
||||
|
||||
resources:
|
||||
{}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
affinity: {}
|
||||
|
||||
postgres:
|
||||
hostname: "postgresql"
|
||||
port: "5432"
|
||||
database: "guacamole"
|
||||
user: "guacamole"
|
||||
password: "password"
|
||||
@@ -1,12 +0,0 @@
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: guacamole-db
|
||||
spec:
|
||||
instances: 2
|
||||
storage:
|
||||
size: 10Gi
|
||||
|
||||
inheritedMetadata:
|
||||
labels:
|
||||
policy.cozystack.io/allow-to-apiserver: "true"
|
||||
@@ -19,3 +19,5 @@
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
# Unit Tests
|
||||
tests/
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 0.40.0
|
||||
appVersion: 0.43.0
|
||||
description: 'Strimzi: Apache Kafka running on Kubernetes'
|
||||
home: https://strimzi.io/
|
||||
icon: https://raw.githubusercontent.com/strimzi/strimzi-kafka-operator/main/documentation/logo/strimzi_logo.png
|
||||
@@ -24,4 +24,4 @@ maintainers:
|
||||
name: strimzi-kafka-operator
|
||||
sources:
|
||||
- https://github.com/strimzi/strimzi-kafka-operator
|
||||
version: 0.40.0
|
||||
version: 0.43.0
|
||||
|
||||
@@ -9,8 +9,8 @@ Upgrading to Strimzi 0.32 and newer directly from Strimzi 0.22 and earlier is no
|
||||
Please follow the [documentation](https://strimzi.io/docs/operators/latest/full/deploying.html#assembly-upgrade-str) for more details.
|
||||
|
||||
**!!! IMPORTANT !!!**
|
||||
From Strimzi 0.40 on, we support only Kubernetes 1.23 and newer.
|
||||
Kubernetes versions 1.21 and 1.22 are no longer supported.
|
||||
Strimzi 0.43.0 (and any of its patch releases) is the last Strimzi version with support for Kubernetes 1.23 and 1.24.
|
||||
From Strimzi 0.44.0 on, Strimzi will support only Kubernetes 1.25 and newer.
|
||||
|
||||
## Introduction
|
||||
|
||||
@@ -21,6 +21,7 @@ cluster using the [Helm](https://helm.sh) package manager.
|
||||
### Supported Features
|
||||
|
||||
* **Manages the Kafka Cluster** - Deploys and manages all of the components of this complex application, including dependencies like Apache ZooKeeper® that are traditionally hard to administer.
|
||||
* **KRaft support** - Allows running Apache Kafka clusters in the KRaft mode (without ZooKeeper).
|
||||
* **Includes Kafka Connect** - Allows for configuration of common data sources and sinks to move data into and out of the Kafka cluster.
|
||||
* **Topic Management** - Creates and manages Kafka Topics within the cluster.
|
||||
* **User Management** - Creates and manages Kafka Users within the cluster.
|
||||
@@ -91,11 +92,12 @@ the documentation for more details.
|
||||
| Parameter | Description | Default |
|
||||
|---------------------------------------------|---------------------------------------------------------------------------------|------------------------------|
|
||||
| `replicas` | Number of replicas of the cluster operator | 1 |
|
||||
| `revisionHistoryLimit` | Number of replicaSet to keep of the operator deployment | 10 |
|
||||
| `watchNamespaces` | Comma separated list of additional namespaces for the strimzi-operator to watch | [] |
|
||||
| `watchAnyNamespace` | Watch the whole Kubernetes cluster (all namespaces) | `false` |
|
||||
| `defaultImageRegistry` | Default image registry for all the images | `quay.io` |
|
||||
| `defaultImageRepository` | Default image registry for all the images | `strimzi` |
|
||||
| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.40.0` |
|
||||
| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.43.0` |
|
||||
| `image.registry` | Override default Cluster Operator image registry | `nil` |
|
||||
| `image.repository` | Override default Cluster Operator image repository | `nil` |
|
||||
| `image.name` | Cluster Operator image name | `cluster-operator` |
|
||||
@@ -156,16 +158,10 @@ the documentation for more details.
|
||||
| `kafkaInit.image.name` | Init Kafka image name | `operator` |
|
||||
| `kafkaInit.image.tag` | Override default Init Kafka image tag | `nil` |
|
||||
| `kafkaInit.image.digest` | Override Init Kafka image tag with digest | `nil` |
|
||||
| `tlsSidecarEntityOperator.image.registry` | Override default TLS Sidecar Entity Operator image registry | `nil` |
|
||||
| `tlsSidecarEntityOperator.image.repository` | Override default TLS Sidecar Entity Operator image repository | `nil` |
|
||||
| `tlsSidecarEntityOperator.image.name` | TLS Sidecar Entity Operator image name | `kafka` |
|
||||
| `tlsSidecarEntityOperator.image.tagPrefix` | Override default TLS Sidecar Entity Operator image tag prefix | `nil` |
|
||||
| `tlsSidecarEntityOperator.image.tag` | Override default TLS Sidecar Entity Operator image tag and ignore suffix | `nil` |
|
||||
| `tlsSidecarEntityOperator.image.digest` | Override TLS Sidecar Entity Operator image tag with digest | `nil` |
|
||||
| `kafkaBridge.image.registry` | Override default Kafka Bridge image registry | `quay.io` |
|
||||
| `kafkaBridge.image.repository` | Override default Kafka Bridge image repository | `strimzi` |
|
||||
| `kafkaBridge.image.name` | Kafka Bridge image name | `kafka-bridge` |
|
||||
| `kafkaBridge.image.tag` | Override default Kafka Bridge image tag | `0.28.0` |
|
||||
| `kafkaBridge.image.tag` | Override default Kafka Bridge image tag | `0.30.0` |
|
||||
| `kafkaBridge.image.digest` | Override Kafka Bridge image tag with digest | `nil` |
|
||||
| `kafkaExporter.image.registry` | Override default Kafka Exporter image registry | `nil` |
|
||||
| `kafkaExporter.image.repository` | Override default Kafka Exporter image repository | `nil` |
|
||||
@@ -184,9 +180,9 @@ the documentation for more details.
|
||||
| `kanikoExecutor.image.name` | Kaniko Executor image name | `kaniko-executor` |
|
||||
| `kanikoExecutor.image.tag` | Override default Kaniko Executor image tag | `nil` |
|
||||
| `kanikoExecutor.image.digest` | Override Kaniko Executor image tag with digest | `nil` |
|
||||
| `resources.limits.memory` | Memory constraint for limits | `256Mi` |
|
||||
| `resources.limits.memory` | Memory constraint for limits | `384Mi` |
|
||||
| `resources.limits.cpu` | CPU constraint for limits | `1000m` |
|
||||
| `resources.requests.memory` | Memory constraint for requests | `256Mi` |
|
||||
| `resources.requests.memory` | Memory constraint for requests | `384Mi` |
|
||||
| `livenessProbe.initialDelaySeconds` | Liveness probe initial delay in seconds | 10 |
|
||||
| `livenessProbe.periodSeconds` | Liveness probe period in seconds | 30 |
|
||||
| `readinessProbe.initialDelaySeconds` | Readiness probe initial delay in seconds | 10 |
|
||||
@@ -210,6 +206,7 @@ the documentation for more details.
|
||||
| `mavenBuilder.image.tag` | Override default Maven Builder image tag | `nil` |
|
||||
| `mavenBuilder.image.digest` | Override Maven Builder image tag with digest | `nil` |
|
||||
| `logConfiguration` | Override default `log4j.properties` content | `nil` |
|
||||
| `logLevel` | Override default logging level | `INFO` |
|
||||
| `dashboards.enable` | Generate configmaps containing the dashboards | `false` |
|
||||
| `dashboards.label` | How should the dashboards be labeled for the sidecar | `grafana_dashboard` |
|
||||
| `dashboards.labelValue` | What should the dashboards label value be for the sidecar | `"1"` |
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -74,14 +74,25 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection.
|
||||
description: TLS configuration.
|
||||
@@ -104,26 +115,48 @@ spec:
|
||||
accessTokenIsJwt:
|
||||
type: boolean
|
||||
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
|
||||
accessTokenLocation:
|
||||
type: string
|
||||
description: Path to the token file containing an access token to be used for authentication.
|
||||
audience:
|
||||
type: string
|
||||
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
|
||||
certificateAndKey:
|
||||
type: object
|
||||
properties:
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
key:
|
||||
type: string
|
||||
description: The name of the private key in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
required:
|
||||
- secretName
|
||||
- certificate
|
||||
- key
|
||||
- secretName
|
||||
description: Reference to the `Secret` which holds the certificate and private key pair.
|
||||
clientAssertion:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
description: The key under which the secret value is stored in the Kubernetes Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Kubernetes Secret containing the secret value.
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
|
||||
clientAssertionLocation:
|
||||
type: string
|
||||
description: Path to the file containing the client assertion to be used for authentication.
|
||||
clientAssertionType:
|
||||
type: string
|
||||
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
|
||||
clientId:
|
||||
type: string
|
||||
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
|
||||
@@ -164,15 +197,15 @@ spec:
|
||||
passwordSecret:
|
||||
type: object
|
||||
properties:
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the password.
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
required:
|
||||
- password
|
||||
- secretName
|
||||
- password
|
||||
description: Reference to the `Secret` which holds the password.
|
||||
readTimeoutSeconds:
|
||||
type: integer
|
||||
@@ -190,6 +223,11 @@ spec:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
|
||||
saslExtensions:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
description: SASL extensions parameters.
|
||||
scope:
|
||||
type: string
|
||||
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
|
||||
@@ -198,14 +236,25 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection to the OAuth server.
|
||||
tokenEndpointUri:
|
||||
@@ -241,23 +290,33 @@ spec:
|
||||
name:
|
||||
type: string
|
||||
limits:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
requests:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
description: The maximum limits for CPU and memory resources and the requested initial resources.
|
||||
livenessProbe:
|
||||
type: object
|
||||
properties:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
initialDelaySeconds:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
|
||||
timeoutSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
periodSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -266,22 +325,22 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
|
||||
timeoutSeconds:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
description: Pod liveness checking.
|
||||
readinessProbe:
|
||||
type: object
|
||||
properties:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
initialDelaySeconds:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
|
||||
timeoutSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
periodSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -290,10 +349,10 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
|
||||
timeoutSeconds:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
description: Pod readiness checking.
|
||||
jvmOptions:
|
||||
type: object
|
||||
@@ -303,14 +362,14 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
description: A map of -XX options to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
"-Xmx":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xmx option to to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
gcLoggingEnabled:
|
||||
type: boolean
|
||||
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
|
||||
@@ -386,6 +445,32 @@ spec:
|
||||
required:
|
||||
- topologyKey
|
||||
description: Configuration of the node label which will be used as the `client.rack` consumer configuration.
|
||||
metricsConfig:
|
||||
type: object
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- jmxPrometheusExporter
|
||||
description: Metrics type. Only 'jmxPrometheusExporter' supported currently.
|
||||
valueFrom:
|
||||
type: object
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to the key in the ConfigMap containing the configuration.
|
||||
description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. '
|
||||
required:
|
||||
- type
|
||||
- valueFrom
|
||||
description: Metrics configuration.
|
||||
tracing:
|
||||
type: object
|
||||
properties:
|
||||
@@ -471,6 +556,13 @@ spec:
|
||||
securityContext:
|
||||
type: object
|
||||
properties:
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
fsGroup:
|
||||
type: integer
|
||||
fsGroupChangePolicy:
|
||||
@@ -873,31 +965,6 @@ spec:
|
||||
value:
|
||||
type: string
|
||||
description: The pod's tolerations.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
topologySpreadConstraints:
|
||||
type: array
|
||||
items:
|
||||
@@ -940,6 +1007,110 @@ spec:
|
||||
whenUnsatisfiable:
|
||||
type: string
|
||||
description: The pod's topology spread constraints.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
|
||||
volumes:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name to use for the volume. Required.
|
||||
secret:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
secretName:
|
||||
type: string
|
||||
description: Secret to use populate the volume.
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: ConfigMap to use to populate the volume.
|
||||
emptyDir:
|
||||
type: object
|
||||
properties:
|
||||
medium:
|
||||
type: string
|
||||
sizeLimit:
|
||||
type: object
|
||||
properties:
|
||||
amount:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
description: EmptyDir to use to populate the volume.
|
||||
persistentVolumeClaim:
|
||||
type: object
|
||||
properties:
|
||||
claimName:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
description: PersistentVolumeClaim object to use to populate the volume.
|
||||
oneOf:
|
||||
- properties:
|
||||
secret: {}
|
||||
configMap: {}
|
||||
emptyDir: {}
|
||||
persistentVolumeClaim: {}
|
||||
required: []
|
||||
description: Additional volumes that can be mounted to the pod.
|
||||
description: Template for Kafka Connect `Pods`.
|
||||
apiService:
|
||||
type: object
|
||||
@@ -1027,6 +1198,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1080,6 +1258,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka Connect container.
|
||||
initContainer:
|
||||
type: object
|
||||
@@ -1101,6 +1299,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1154,6 +1359,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka init container.
|
||||
podDisruptionBudget:
|
||||
type: object
|
||||
@@ -1241,6 +1466,13 @@ spec:
|
||||
securityContext:
|
||||
type: object
|
||||
properties:
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
fsGroup:
|
||||
type: integer
|
||||
fsGroupChangePolicy:
|
||||
@@ -1643,31 +1875,6 @@ spec:
|
||||
value:
|
||||
type: string
|
||||
description: The pod's tolerations.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
topologySpreadConstraints:
|
||||
type: array
|
||||
items:
|
||||
@@ -1710,6 +1917,110 @@ spec:
|
||||
whenUnsatisfiable:
|
||||
type: string
|
||||
description: The pod's topology spread constraints.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
|
||||
volumes:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name to use for the volume. Required.
|
||||
secret:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
secretName:
|
||||
type: string
|
||||
description: Secret to use populate the volume.
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: ConfigMap to use to populate the volume.
|
||||
emptyDir:
|
||||
type: object
|
||||
properties:
|
||||
medium:
|
||||
type: string
|
||||
sizeLimit:
|
||||
type: object
|
||||
properties:
|
||||
amount:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
description: EmptyDir to use to populate the volume.
|
||||
persistentVolumeClaim:
|
||||
type: object
|
||||
properties:
|
||||
claimName:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
description: PersistentVolumeClaim object to use to populate the volume.
|
||||
oneOf:
|
||||
- properties:
|
||||
secret: {}
|
||||
configMap: {}
|
||||
emptyDir: {}
|
||||
persistentVolumeClaim: {}
|
||||
required: []
|
||||
description: Additional volumes that can be mounted to the pod.
|
||||
description: Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes.
|
||||
buildContainer:
|
||||
type: object
|
||||
@@ -1731,6 +2042,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1784,6 +2102,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka Connect Build container. The build container is used only on Kubernetes.
|
||||
buildConfig:
|
||||
type: object
|
||||
@@ -1842,7 +2180,7 @@ spec:
|
||||
description: Annotations added to the Kubernetes resource.
|
||||
description: Metadata applied to the resource.
|
||||
description: Template for Secret of the Kafka Connect Cluster JMX authentication.
|
||||
description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated."
|
||||
description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated."
|
||||
externalConfiguration:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1857,16 +2195,6 @@ spec:
|
||||
valueFrom:
|
||||
type: object
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a ConfigMap.
|
||||
secretKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1877,6 +2205,16 @@ spec:
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a Secret.
|
||||
configMapKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a ConfigMap.
|
||||
description: Value of the environment variable which will be passed to the Kafka Connect pods. It can be passed either as a reference to Secret or ConfigMap field. The field has to specify exactly one Secret or ConfigMap.
|
||||
required:
|
||||
- name
|
||||
@@ -1887,27 +2225,6 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified.
|
||||
name:
|
||||
type: string
|
||||
description: Name of the volume which will be added to the Kafka Connect pods.
|
||||
@@ -1932,6 +2249,27 @@ spec:
|
||||
secretName:
|
||||
type: string
|
||||
description: Reference to a key in a Secret. Exactly one Secret or ConfigMap has to be specified.
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified.
|
||||
required:
|
||||
- name
|
||||
description: Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes.
|
||||
@@ -1963,23 +2301,6 @@ spec:
|
||||
- image
|
||||
- type
|
||||
description: Configures where should the newly built image be stored. Required.
|
||||
resources:
|
||||
type: object
|
||||
properties:
|
||||
claims:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
limits:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
requests:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: CPU and memory resources to reserve for the build.
|
||||
plugins:
|
||||
type: array
|
||||
items:
|
||||
@@ -2035,36 +2356,37 @@ spec:
|
||||
- name
|
||||
- artifacts
|
||||
description: List of connector plugins which should be added to the Kafka Connect. Required.
|
||||
resources:
|
||||
type: object
|
||||
properties:
|
||||
claims:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
requests:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
description: CPU and memory resources to reserve for the build.
|
||||
required:
|
||||
- output
|
||||
- plugins
|
||||
description: Configures how the Connect container image should be built. Optional.
|
||||
metricsConfig:
|
||||
type: object
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- jmxPrometheusExporter
|
||||
description: Metrics type. Only 'jmxPrometheusExporter' supported currently.
|
||||
valueFrom:
|
||||
type: object
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to the key in the ConfigMap containing the configuration.
|
||||
description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. '
|
||||
required:
|
||||
- type
|
||||
- valueFrom
|
||||
description: Metrics configuration.
|
||||
required:
|
||||
- bootstrapServers
|
||||
description: The specification of the Kafka Connect cluster.
|
||||
@@ -2103,20 +2425,20 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
class:
|
||||
type: string
|
||||
description: The class of the connector plugin.
|
||||
type:
|
||||
type: string
|
||||
description: The type of the connector plugin. The available types are `sink` and `source`.
|
||||
version:
|
||||
type: string
|
||||
description: The version of the connector plugin.
|
||||
class:
|
||||
type: string
|
||||
description: The class of the connector plugin.
|
||||
description: The list of connector plugins available in this Kafka Connect deployment.
|
||||
labelSelector:
|
||||
type: string
|
||||
description: Label selector for pods providing this resource.
|
||||
replicas:
|
||||
type: integer
|
||||
description: The current number of pods being used to provide this resource.
|
||||
labelSelector:
|
||||
type: string
|
||||
description: Label selector for pods providing this resource.
|
||||
description: The status of the Kafka Connect cluster.
|
||||
|
||||
@@ -58,6 +58,9 @@ spec:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
topicName:
|
||||
type: string
|
||||
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
|
||||
partitions:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -71,9 +74,6 @@ spec:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: The topic configuration.
|
||||
topicName:
|
||||
type: string
|
||||
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
|
||||
description: The specification of the topic.
|
||||
status:
|
||||
type: object
|
||||
@@ -108,6 +108,25 @@ spec:
|
||||
topicId:
|
||||
type: string
|
||||
description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name."
|
||||
replicasChange:
|
||||
type: object
|
||||
properties:
|
||||
targetReplicas:
|
||||
type: integer
|
||||
description: The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing.
|
||||
state:
|
||||
type: string
|
||||
enum:
|
||||
- pending
|
||||
- ongoing
|
||||
description: "Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control."
|
||||
message:
|
||||
type: string
|
||||
description: Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations.
|
||||
sessionId:
|
||||
type: string
|
||||
description: The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations.
|
||||
description: Replication factor change status.
|
||||
description: The status of the topic.
|
||||
- name: v1beta1
|
||||
served: true
|
||||
@@ -146,6 +165,9 @@ spec:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
topicName:
|
||||
type: string
|
||||
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
|
||||
partitions:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -159,9 +181,6 @@ spec:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: The topic configuration.
|
||||
topicName:
|
||||
type: string
|
||||
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
|
||||
description: The specification of the topic.
|
||||
status:
|
||||
type: object
|
||||
@@ -196,6 +215,25 @@ spec:
|
||||
topicId:
|
||||
type: string
|
||||
description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name."
|
||||
replicasChange:
|
||||
type: object
|
||||
properties:
|
||||
targetReplicas:
|
||||
type: integer
|
||||
description: The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing.
|
||||
state:
|
||||
type: string
|
||||
enum:
|
||||
- pending
|
||||
- ongoing
|
||||
description: "Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control."
|
||||
message:
|
||||
type: string
|
||||
description: Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations.
|
||||
sessionId:
|
||||
type: string
|
||||
description: The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations.
|
||||
description: Replication factor change status.
|
||||
description: The status of the topic.
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
@@ -234,6 +272,9 @@ spec:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
topicName:
|
||||
type: string
|
||||
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
|
||||
partitions:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -247,9 +288,6 @@ spec:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: The topic configuration.
|
||||
topicName:
|
||||
type: string
|
||||
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
|
||||
description: The specification of the topic.
|
||||
status:
|
||||
type: object
|
||||
@@ -284,4 +322,23 @@ spec:
|
||||
topicId:
|
||||
type: string
|
||||
description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name."
|
||||
replicasChange:
|
||||
type: object
|
||||
properties:
|
||||
targetReplicas:
|
||||
type: integer
|
||||
description: The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing.
|
||||
state:
|
||||
type: string
|
||||
enum:
|
||||
- pending
|
||||
- ongoing
|
||||
description: "Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control."
|
||||
message:
|
||||
type: string
|
||||
description: Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations.
|
||||
sessionId:
|
||||
type: string
|
||||
description: The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations.
|
||||
description: Replication factor change status.
|
||||
description: The status of the topic.
|
||||
|
||||
@@ -99,9 +99,38 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- allow
|
||||
- deny
|
||||
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
|
||||
resource:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
|
||||
patternType:
|
||||
type: string
|
||||
enum:
|
||||
- literal
|
||||
- prefix
|
||||
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- topic
|
||||
- group
|
||||
- cluster
|
||||
- transactionalId
|
||||
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
|
||||
required:
|
||||
- type
|
||||
description: Indicates the resource for which given ACL rule applies.
|
||||
host:
|
||||
type: string
|
||||
description: The host from which the action described in the ACL rule is allowed or denied.
|
||||
description: "The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host."
|
||||
operation:
|
||||
type: string
|
||||
enum:
|
||||
@@ -133,36 +162,7 @@ spec:
|
||||
- DescribeConfigs
|
||||
- IdempotentWrite
|
||||
- All
|
||||
description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
|
||||
resource:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
|
||||
patternType:
|
||||
type: string
|
||||
enum:
|
||||
- literal
|
||||
- prefix
|
||||
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- topic
|
||||
- group
|
||||
- cluster
|
||||
- transactionalId
|
||||
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
|
||||
required:
|
||||
- type
|
||||
description: Indicates the resource for which given ACL rule applies.
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- allow
|
||||
- deny
|
||||
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
|
||||
description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource."
|
||||
required:
|
||||
- resource
|
||||
description: List of ACL rules which should be applied to this user.
|
||||
@@ -178,22 +178,22 @@ spec:
|
||||
quotas:
|
||||
type: object
|
||||
properties:
|
||||
consumerByteRate:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
|
||||
controllerMutationRate:
|
||||
type: number
|
||||
minimum: 0
|
||||
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
|
||||
producerByteRate:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
|
||||
consumerByteRate:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
|
||||
requestPercentage:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
|
||||
controllerMutationRate:
|
||||
type: number
|
||||
minimum: 0
|
||||
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
|
||||
description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas.
|
||||
template:
|
||||
type: object
|
||||
@@ -330,9 +330,38 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- allow
|
||||
- deny
|
||||
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
|
||||
resource:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
|
||||
patternType:
|
||||
type: string
|
||||
enum:
|
||||
- literal
|
||||
- prefix
|
||||
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- topic
|
||||
- group
|
||||
- cluster
|
||||
- transactionalId
|
||||
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
|
||||
required:
|
||||
- type
|
||||
description: Indicates the resource for which given ACL rule applies.
|
||||
host:
|
||||
type: string
|
||||
description: The host from which the action described in the ACL rule is allowed or denied.
|
||||
description: "The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host."
|
||||
operation:
|
||||
type: string
|
||||
enum:
|
||||
@@ -364,36 +393,7 @@ spec:
|
||||
- DescribeConfigs
|
||||
- IdempotentWrite
|
||||
- All
|
||||
description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
|
||||
resource:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
|
||||
patternType:
|
||||
type: string
|
||||
enum:
|
||||
- literal
|
||||
- prefix
|
||||
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- topic
|
||||
- group
|
||||
- cluster
|
||||
- transactionalId
|
||||
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
|
||||
required:
|
||||
- type
|
||||
description: Indicates the resource for which given ACL rule applies.
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- allow
|
||||
- deny
|
||||
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
|
||||
description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource."
|
||||
required:
|
||||
- resource
|
||||
description: List of ACL rules which should be applied to this user.
|
||||
@@ -409,22 +409,22 @@ spec:
|
||||
quotas:
|
||||
type: object
|
||||
properties:
|
||||
consumerByteRate:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
|
||||
controllerMutationRate:
|
||||
type: number
|
||||
minimum: 0
|
||||
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
|
||||
producerByteRate:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
|
||||
consumerByteRate:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
|
||||
requestPercentage:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
|
||||
controllerMutationRate:
|
||||
type: number
|
||||
minimum: 0
|
||||
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
|
||||
description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas.
|
||||
template:
|
||||
type: object
|
||||
@@ -561,9 +561,38 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- allow
|
||||
- deny
|
||||
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
|
||||
resource:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
|
||||
patternType:
|
||||
type: string
|
||||
enum:
|
||||
- literal
|
||||
- prefix
|
||||
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- topic
|
||||
- group
|
||||
- cluster
|
||||
- transactionalId
|
||||
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
|
||||
required:
|
||||
- type
|
||||
description: Indicates the resource for which given ACL rule applies.
|
||||
host:
|
||||
type: string
|
||||
description: The host from which the action described in the ACL rule is allowed or denied.
|
||||
description: "The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host."
|
||||
operation:
|
||||
type: string
|
||||
enum:
|
||||
@@ -595,36 +624,7 @@ spec:
|
||||
- DescribeConfigs
|
||||
- IdempotentWrite
|
||||
- All
|
||||
description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
|
||||
resource:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
|
||||
patternType:
|
||||
type: string
|
||||
enum:
|
||||
- literal
|
||||
- prefix
|
||||
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- topic
|
||||
- group
|
||||
- cluster
|
||||
- transactionalId
|
||||
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
|
||||
required:
|
||||
- type
|
||||
description: Indicates the resource for which given ACL rule applies.
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- allow
|
||||
- deny
|
||||
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
|
||||
description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource."
|
||||
required:
|
||||
- resource
|
||||
description: List of ACL rules which should be applied to this user.
|
||||
@@ -640,22 +640,22 @@ spec:
|
||||
quotas:
|
||||
type: object
|
||||
properties:
|
||||
consumerByteRate:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
|
||||
controllerMutationRate:
|
||||
type: number
|
||||
minimum: 0
|
||||
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
|
||||
producerByteRate:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
|
||||
consumerByteRate:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
|
||||
requestPercentage:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
|
||||
controllerMutationRate:
|
||||
type: number
|
||||
minimum: 0
|
||||
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
|
||||
description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas.
|
||||
template:
|
||||
type: object
|
||||
|
||||
@@ -109,26 +109,48 @@ spec:
|
||||
accessTokenIsJwt:
|
||||
type: boolean
|
||||
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
|
||||
accessTokenLocation:
|
||||
type: string
|
||||
description: Path to the token file containing an access token to be used for authentication.
|
||||
audience:
|
||||
type: string
|
||||
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
|
||||
certificateAndKey:
|
||||
type: object
|
||||
properties:
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
key:
|
||||
type: string
|
||||
description: The name of the private key in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
required:
|
||||
- secretName
|
||||
- certificate
|
||||
- key
|
||||
- secretName
|
||||
description: Reference to the `Secret` which holds the certificate and private key pair.
|
||||
clientAssertion:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
description: The key under which the secret value is stored in the Kubernetes Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Kubernetes Secret containing the secret value.
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
|
||||
clientAssertionLocation:
|
||||
type: string
|
||||
description: Path to the file containing the client assertion to be used for authentication.
|
||||
clientAssertionType:
|
||||
type: string
|
||||
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
|
||||
clientId:
|
||||
type: string
|
||||
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
|
||||
@@ -169,15 +191,15 @@ spec:
|
||||
passwordSecret:
|
||||
type: object
|
||||
properties:
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the password.
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
required:
|
||||
- password
|
||||
- secretName
|
||||
- password
|
||||
description: Reference to the `Secret` which holds the password.
|
||||
readTimeoutSeconds:
|
||||
type: integer
|
||||
@@ -195,6 +217,11 @@ spec:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
|
||||
saslExtensions:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
description: SASL extensions parameters.
|
||||
scope:
|
||||
type: string
|
||||
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
|
||||
@@ -203,14 +230,25 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection to the OAuth server.
|
||||
tokenEndpointUri:
|
||||
@@ -231,10 +269,6 @@ spec:
|
||||
required:
|
||||
- type
|
||||
description: Authentication configuration for connecting to the cluster.
|
||||
config:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: "The MirrorMaker consumer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security., interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols)."
|
||||
tls:
|
||||
type: object
|
||||
properties:
|
||||
@@ -243,17 +277,32 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection.
|
||||
description: TLS configuration for connecting MirrorMaker to the cluster.
|
||||
config:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: "The MirrorMaker consumer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security., interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols)."
|
||||
required:
|
||||
- bootstrapServers
|
||||
- groupId
|
||||
@@ -286,26 +335,48 @@ spec:
|
||||
accessTokenIsJwt:
|
||||
type: boolean
|
||||
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
|
||||
accessTokenLocation:
|
||||
type: string
|
||||
description: Path to the token file containing an access token to be used for authentication.
|
||||
audience:
|
||||
type: string
|
||||
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
|
||||
certificateAndKey:
|
||||
type: object
|
||||
properties:
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
key:
|
||||
type: string
|
||||
description: The name of the private key in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
required:
|
||||
- secretName
|
||||
- certificate
|
||||
- key
|
||||
- secretName
|
||||
description: Reference to the `Secret` which holds the certificate and private key pair.
|
||||
clientAssertion:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
description: The key under which the secret value is stored in the Kubernetes Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Kubernetes Secret containing the secret value.
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
|
||||
clientAssertionLocation:
|
||||
type: string
|
||||
description: Path to the file containing the client assertion to be used for authentication.
|
||||
clientAssertionType:
|
||||
type: string
|
||||
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
|
||||
clientId:
|
||||
type: string
|
||||
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
|
||||
@@ -346,15 +417,15 @@ spec:
|
||||
passwordSecret:
|
||||
type: object
|
||||
properties:
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the password.
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
required:
|
||||
- password
|
||||
- secretName
|
||||
- password
|
||||
description: Reference to the `Secret` which holds the password.
|
||||
readTimeoutSeconds:
|
||||
type: integer
|
||||
@@ -372,6 +443,11 @@ spec:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
|
||||
saslExtensions:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
description: SASL extensions parameters.
|
||||
scope:
|
||||
type: string
|
||||
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
|
||||
@@ -380,14 +456,25 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection to the OAuth server.
|
||||
tokenEndpointUri:
|
||||
@@ -420,14 +507,25 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection.
|
||||
description: TLS configuration for connecting MirrorMaker to the cluster.
|
||||
@@ -445,10 +543,20 @@ spec:
|
||||
name:
|
||||
type: string
|
||||
limits:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
requests:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
description: CPU and memory resources to reserve.
|
||||
whitelist:
|
||||
@@ -465,14 +573,14 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
description: A map of -XX options to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
"-Xmx":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xmx option to to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
gcLoggingEnabled:
|
||||
type: boolean
|
||||
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
|
||||
@@ -613,6 +721,13 @@ spec:
|
||||
securityContext:
|
||||
type: object
|
||||
properties:
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
fsGroup:
|
||||
type: integer
|
||||
fsGroupChangePolicy:
|
||||
@@ -1015,31 +1130,6 @@ spec:
|
||||
value:
|
||||
type: string
|
||||
description: The pod's tolerations.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
topologySpreadConstraints:
|
||||
type: array
|
||||
items:
|
||||
@@ -1082,6 +1172,110 @@ spec:
|
||||
whenUnsatisfiable:
|
||||
type: string
|
||||
description: The pod's topology spread constraints.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
|
||||
volumes:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name to use for the volume. Required.
|
||||
secret:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
secretName:
|
||||
type: string
|
||||
description: Secret to use populate the volume.
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: ConfigMap to use to populate the volume.
|
||||
emptyDir:
|
||||
type: object
|
||||
properties:
|
||||
medium:
|
||||
type: string
|
||||
sizeLimit:
|
||||
type: object
|
||||
properties:
|
||||
amount:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
description: EmptyDir to use to populate the volume.
|
||||
persistentVolumeClaim:
|
||||
type: object
|
||||
properties:
|
||||
claimName:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
description: PersistentVolumeClaim object to use to populate the volume.
|
||||
oneOf:
|
||||
- properties:
|
||||
secret: {}
|
||||
configMap: {}
|
||||
emptyDir: {}
|
||||
persistentVolumeClaim: {}
|
||||
required: []
|
||||
description: Additional volumes that can be mounted to the pod.
|
||||
description: Template for Kafka MirrorMaker `Pods`.
|
||||
podDisruptionBudget:
|
||||
type: object
|
||||
@@ -1125,6 +1319,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1178,6 +1379,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for Kafka MirrorMaker container.
|
||||
serviceAccount:
|
||||
type: object
|
||||
@@ -1201,14 +1422,14 @@ spec:
|
||||
livenessProbe:
|
||||
type: object
|
||||
properties:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
initialDelaySeconds:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
|
||||
timeoutSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
periodSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -1217,22 +1438,22 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
|
||||
timeoutSeconds:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
description: Pod liveness checking.
|
||||
readinessProbe:
|
||||
type: object
|
||||
properties:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
initialDelaySeconds:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
|
||||
timeoutSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
periodSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -1241,10 +1462,10 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
|
||||
timeoutSeconds:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
description: Pod readiness checking.
|
||||
oneOf:
|
||||
- properties:
|
||||
|
||||
@@ -77,14 +77,25 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection.
|
||||
description: TLS configuration for connecting Kafka Bridge to the cluster.
|
||||
@@ -107,26 +118,48 @@ spec:
|
||||
accessTokenIsJwt:
|
||||
type: boolean
|
||||
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
|
||||
accessTokenLocation:
|
||||
type: string
|
||||
description: Path to the token file containing an access token to be used for authentication.
|
||||
audience:
|
||||
type: string
|
||||
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
|
||||
certificateAndKey:
|
||||
type: object
|
||||
properties:
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
key:
|
||||
type: string
|
||||
description: The name of the private key in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
required:
|
||||
- secretName
|
||||
- certificate
|
||||
- key
|
||||
- secretName
|
||||
description: Reference to the `Secret` which holds the certificate and private key pair.
|
||||
clientAssertion:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
description: The key under which the secret value is stored in the Kubernetes Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Kubernetes Secret containing the secret value.
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
|
||||
clientAssertionLocation:
|
||||
type: string
|
||||
description: Path to the file containing the client assertion to be used for authentication.
|
||||
clientAssertionType:
|
||||
type: string
|
||||
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
|
||||
clientId:
|
||||
type: string
|
||||
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
|
||||
@@ -167,15 +200,15 @@ spec:
|
||||
passwordSecret:
|
||||
type: object
|
||||
properties:
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the password.
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
required:
|
||||
- password
|
||||
- secretName
|
||||
- password
|
||||
description: Reference to the `Secret` which holds the password.
|
||||
readTimeoutSeconds:
|
||||
type: integer
|
||||
@@ -193,6 +226,11 @@ spec:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
|
||||
saslExtensions:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
description: SASL extensions parameters.
|
||||
scope:
|
||||
type: string
|
||||
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
|
||||
@@ -201,14 +239,25 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection to the OAuth server.
|
||||
tokenEndpointUri:
|
||||
@@ -265,6 +314,12 @@ spec:
|
||||
consumer:
|
||||
type: object
|
||||
properties:
|
||||
enabled:
|
||||
type: boolean
|
||||
description: Whether the HTTP consumer should be enabled or disabled. The default is enabled (`true`).
|
||||
timeoutSeconds:
|
||||
type: integer
|
||||
description: "The timeout in seconds for deleting inactive consumers, default is -1 (disabled)."
|
||||
config:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
@@ -273,6 +328,9 @@ spec:
|
||||
producer:
|
||||
type: object
|
||||
properties:
|
||||
enabled:
|
||||
type: boolean
|
||||
description: Whether the HTTP producer should be enabled or disabled. The default is enabled (`true`).
|
||||
config:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
@@ -289,10 +347,20 @@ spec:
|
||||
name:
|
||||
type: string
|
||||
limits:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
requests:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
description: CPU and memory resources to reserve.
|
||||
jvmOptions:
|
||||
@@ -303,14 +371,14 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
description: A map of -XX options to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
"-Xmx":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xmx option to to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
gcLoggingEnabled:
|
||||
type: boolean
|
||||
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
|
||||
@@ -377,14 +445,14 @@ spec:
|
||||
livenessProbe:
|
||||
type: object
|
||||
properties:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
initialDelaySeconds:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
|
||||
timeoutSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
periodSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -393,22 +461,22 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
|
||||
timeoutSeconds:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
description: Pod liveness checking.
|
||||
readinessProbe:
|
||||
type: object
|
||||
properties:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
initialDelaySeconds:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
|
||||
timeoutSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
periodSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -417,10 +485,10 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
|
||||
timeoutSeconds:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
description: Pod readiness checking.
|
||||
template:
|
||||
type: object
|
||||
@@ -477,6 +545,13 @@ spec:
|
||||
securityContext:
|
||||
type: object
|
||||
properties:
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
fsGroup:
|
||||
type: integer
|
||||
fsGroupChangePolicy:
|
||||
@@ -879,31 +954,6 @@ spec:
|
||||
value:
|
||||
type: string
|
||||
description: The pod's tolerations.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
topologySpreadConstraints:
|
||||
type: array
|
||||
items:
|
||||
@@ -946,6 +996,110 @@ spec:
|
||||
whenUnsatisfiable:
|
||||
type: string
|
||||
description: The pod's topology spread constraints.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
|
||||
volumes:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name to use for the volume. Required.
|
||||
secret:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
secretName:
|
||||
type: string
|
||||
description: Secret to use populate the volume.
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: ConfigMap to use to populate the volume.
|
||||
emptyDir:
|
||||
type: object
|
||||
properties:
|
||||
medium:
|
||||
type: string
|
||||
sizeLimit:
|
||||
type: object
|
||||
properties:
|
||||
amount:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
description: EmptyDir to use to populate the volume.
|
||||
persistentVolumeClaim:
|
||||
type: object
|
||||
properties:
|
||||
claimName:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
description: PersistentVolumeClaim object to use to populate the volume.
|
||||
oneOf:
|
||||
- properties:
|
||||
secret: {}
|
||||
configMap: {}
|
||||
emptyDir: {}
|
||||
persistentVolumeClaim: {}
|
||||
required: []
|
||||
description: Additional volumes that can be mounted to the pod.
|
||||
description: Template for Kafka Bridge `Pods`.
|
||||
apiService:
|
||||
type: object
|
||||
@@ -1022,6 +1176,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1075,6 +1236,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka Bridge container.
|
||||
clusterRoleBinding:
|
||||
type: object
|
||||
@@ -1132,6 +1313,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1185,6 +1373,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka Bridge init container.
|
||||
description: Template for Kafka Bridge resources. The template allows users to specify how a `Deployment` and `Pod` is generated.
|
||||
tracing:
|
||||
@@ -1232,10 +1440,10 @@ spec:
|
||||
url:
|
||||
type: string
|
||||
description: The URL at which external client applications can access the Kafka Bridge.
|
||||
labelSelector:
|
||||
type: string
|
||||
description: Label selector for pods providing this resource.
|
||||
replicas:
|
||||
type: integer
|
||||
description: The current number of pods being used to provide this resource.
|
||||
labelSelector:
|
||||
type: string
|
||||
description: Label selector for pods providing this resource.
|
||||
description: The status of the Kafka Bridge.
|
||||
|
||||
@@ -81,7 +81,7 @@ spec:
|
||||
config:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max."
|
||||
description: "The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max."
|
||||
pause:
|
||||
type: boolean
|
||||
description: Whether the connector should be paused. Defaults to false.
|
||||
|
||||
@@ -86,14 +86,25 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection.
|
||||
description: TLS configuration for connecting MirrorMaker 2 connectors to a cluster.
|
||||
@@ -116,26 +127,48 @@ spec:
|
||||
accessTokenIsJwt:
|
||||
type: boolean
|
||||
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
|
||||
accessTokenLocation:
|
||||
type: string
|
||||
description: Path to the token file containing an access token to be used for authentication.
|
||||
audience:
|
||||
type: string
|
||||
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
|
||||
certificateAndKey:
|
||||
type: object
|
||||
properties:
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
key:
|
||||
type: string
|
||||
description: The name of the private key in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
required:
|
||||
- secretName
|
||||
- certificate
|
||||
- key
|
||||
- secretName
|
||||
description: Reference to the `Secret` which holds the certificate and private key pair.
|
||||
clientAssertion:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
description: The key under which the secret value is stored in the Kubernetes Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Kubernetes Secret containing the secret value.
|
||||
required:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
|
||||
clientAssertionLocation:
|
||||
type: string
|
||||
description: Path to the file containing the client assertion to be used for authentication.
|
||||
clientAssertionType:
|
||||
type: string
|
||||
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
|
||||
clientId:
|
||||
type: string
|
||||
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
|
||||
@@ -176,15 +209,15 @@ spec:
|
||||
passwordSecret:
|
||||
type: object
|
||||
properties:
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the password.
|
||||
password:
|
||||
type: string
|
||||
description: The name of the key in the Secret under which the password is stored.
|
||||
required:
|
||||
- password
|
||||
- secretName
|
||||
- password
|
||||
description: Reference to the `Secret` which holds the password.
|
||||
readTimeoutSeconds:
|
||||
type: integer
|
||||
@@ -202,6 +235,11 @@ spec:
|
||||
- key
|
||||
- secretName
|
||||
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
|
||||
saslExtensions:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
description: SASL extensions parameters.
|
||||
scope:
|
||||
type: string
|
||||
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
|
||||
@@ -210,14 +248,25 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the Secret.
|
||||
secretName:
|
||||
type: string
|
||||
description: The name of the Secret containing the certificate.
|
||||
certificate:
|
||||
type: string
|
||||
description: The name of the file certificate in the secret.
|
||||
pattern:
|
||||
type: string
|
||||
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
|
||||
oneOf:
|
||||
- properties:
|
||||
certificate: {}
|
||||
required:
|
||||
- certificate
|
||||
- properties:
|
||||
pattern: {}
|
||||
required:
|
||||
- pattern
|
||||
required:
|
||||
- certificate
|
||||
- secretName
|
||||
description: Trusted certificates for TLS connection to the OAuth server.
|
||||
tokenEndpointUri:
|
||||
@@ -264,10 +313,20 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The maximum number of tasks for the Kafka Connector.
|
||||
pause:
|
||||
type: boolean
|
||||
description: Whether the connector should be paused. Defaults to false.
|
||||
config:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max."
|
||||
description: "The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max."
|
||||
state:
|
||||
type: string
|
||||
enum:
|
||||
- paused
|
||||
- stopped
|
||||
- running
|
||||
description: The state the connector should be in. Defaults to running.
|
||||
autoRestart:
|
||||
type: object
|
||||
properties:
|
||||
@@ -278,16 +337,6 @@ spec:
|
||||
type: integer
|
||||
description: "The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts."
|
||||
description: Automatic restart of connector and tasks configuration.
|
||||
pause:
|
||||
type: boolean
|
||||
description: Whether the connector should be paused. Defaults to false.
|
||||
state:
|
||||
type: string
|
||||
enum:
|
||||
- paused
|
||||
- stopped
|
||||
- running
|
||||
description: The state the connector should be in. Defaults to running.
|
||||
description: The specification of the Kafka MirrorMaker 2 source connector.
|
||||
heartbeatConnector:
|
||||
type: object
|
||||
@@ -296,10 +345,20 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The maximum number of tasks for the Kafka Connector.
|
||||
pause:
|
||||
type: boolean
|
||||
description: Whether the connector should be paused. Defaults to false.
|
||||
config:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max."
|
||||
description: "The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max."
|
||||
state:
|
||||
type: string
|
||||
enum:
|
||||
- paused
|
||||
- stopped
|
||||
- running
|
||||
description: The state the connector should be in. Defaults to running.
|
||||
autoRestart:
|
||||
type: object
|
||||
properties:
|
||||
@@ -310,16 +369,6 @@ spec:
|
||||
type: integer
|
||||
description: "The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts."
|
||||
description: Automatic restart of connector and tasks configuration.
|
||||
pause:
|
||||
type: boolean
|
||||
description: Whether the connector should be paused. Defaults to false.
|
||||
state:
|
||||
type: string
|
||||
enum:
|
||||
- paused
|
||||
- stopped
|
||||
- running
|
||||
description: The state the connector should be in. Defaults to running.
|
||||
description: The specification of the Kafka MirrorMaker 2 heartbeat connector.
|
||||
checkpointConnector:
|
||||
type: object
|
||||
@@ -328,10 +377,20 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The maximum number of tasks for the Kafka Connector.
|
||||
pause:
|
||||
type: boolean
|
||||
description: Whether the connector should be paused. Defaults to false.
|
||||
config:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max."
|
||||
description: "The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max."
|
||||
state:
|
||||
type: string
|
||||
enum:
|
||||
- paused
|
||||
- stopped
|
||||
- running
|
||||
description: The state the connector should be in. Defaults to running.
|
||||
autoRestart:
|
||||
type: object
|
||||
properties:
|
||||
@@ -342,16 +401,6 @@ spec:
|
||||
type: integer
|
||||
description: "The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts."
|
||||
description: Automatic restart of connector and tasks configuration.
|
||||
pause:
|
||||
type: boolean
|
||||
description: Whether the connector should be paused. Defaults to false.
|
||||
state:
|
||||
type: string
|
||||
enum:
|
||||
- paused
|
||||
- stopped
|
||||
- running
|
||||
description: The state the connector should be in. Defaults to running.
|
||||
description: The specification of the Kafka MirrorMaker 2 checkpoint connector.
|
||||
topicsPattern:
|
||||
type: string
|
||||
@@ -386,23 +435,33 @@ spec:
|
||||
name:
|
||||
type: string
|
||||
limits:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
requests:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
description: The maximum limits for CPU and memory resources and the requested initial resources.
|
||||
livenessProbe:
|
||||
type: object
|
||||
properties:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
initialDelaySeconds:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
|
||||
timeoutSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
periodSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -411,22 +470,22 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
|
||||
timeoutSeconds:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
description: Pod liveness checking.
|
||||
readinessProbe:
|
||||
type: object
|
||||
properties:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
initialDelaySeconds:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
|
||||
timeoutSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
periodSeconds:
|
||||
type: integer
|
||||
minimum: 1
|
||||
@@ -435,10 +494,10 @@ spec:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
|
||||
timeoutSeconds:
|
||||
failureThreshold:
|
||||
type: integer
|
||||
minimum: 1
|
||||
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
|
||||
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
|
||||
description: Pod readiness checking.
|
||||
jvmOptions:
|
||||
type: object
|
||||
@@ -448,14 +507,14 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
description: A map of -XX options to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
"-Xmx":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xmx option to to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
gcLoggingEnabled:
|
||||
type: boolean
|
||||
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
|
||||
@@ -531,6 +590,32 @@ spec:
|
||||
required:
|
||||
- topologyKey
|
||||
description: Configuration of the node label which will be used as the `client.rack` consumer configuration.
|
||||
metricsConfig:
|
||||
type: object
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- jmxPrometheusExporter
|
||||
description: Metrics type. Only 'jmxPrometheusExporter' supported currently.
|
||||
valueFrom:
|
||||
type: object
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to the key in the ConfigMap containing the configuration.
|
||||
description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. '
|
||||
required:
|
||||
- type
|
||||
- valueFrom
|
||||
description: Metrics configuration.
|
||||
tracing:
|
||||
type: object
|
||||
properties:
|
||||
@@ -616,6 +701,13 @@ spec:
|
||||
securityContext:
|
||||
type: object
|
||||
properties:
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
fsGroup:
|
||||
type: integer
|
||||
fsGroupChangePolicy:
|
||||
@@ -1018,31 +1110,6 @@ spec:
|
||||
value:
|
||||
type: string
|
||||
description: The pod's tolerations.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
topologySpreadConstraints:
|
||||
type: array
|
||||
items:
|
||||
@@ -1085,6 +1152,110 @@ spec:
|
||||
whenUnsatisfiable:
|
||||
type: string
|
||||
description: The pod's topology spread constraints.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
|
||||
volumes:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name to use for the volume. Required.
|
||||
secret:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
secretName:
|
||||
type: string
|
||||
description: Secret to use populate the volume.
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: ConfigMap to use to populate the volume.
|
||||
emptyDir:
|
||||
type: object
|
||||
properties:
|
||||
medium:
|
||||
type: string
|
||||
sizeLimit:
|
||||
type: object
|
||||
properties:
|
||||
amount:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
description: EmptyDir to use to populate the volume.
|
||||
persistentVolumeClaim:
|
||||
type: object
|
||||
properties:
|
||||
claimName:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
description: PersistentVolumeClaim object to use to populate the volume.
|
||||
oneOf:
|
||||
- properties:
|
||||
secret: {}
|
||||
configMap: {}
|
||||
emptyDir: {}
|
||||
persistentVolumeClaim: {}
|
||||
required: []
|
||||
description: Additional volumes that can be mounted to the pod.
|
||||
description: Template for Kafka Connect `Pods`.
|
||||
apiService:
|
||||
type: object
|
||||
@@ -1172,6 +1343,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1225,6 +1403,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka Connect container.
|
||||
initContainer:
|
||||
type: object
|
||||
@@ -1246,6 +1444,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1299,6 +1504,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka init container.
|
||||
podDisruptionBudget:
|
||||
type: object
|
||||
@@ -1386,6 +1611,13 @@ spec:
|
||||
securityContext:
|
||||
type: object
|
||||
properties:
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
fsGroup:
|
||||
type: integer
|
||||
fsGroupChangePolicy:
|
||||
@@ -1788,31 +2020,6 @@ spec:
|
||||
value:
|
||||
type: string
|
||||
description: The pod's tolerations.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
topologySpreadConstraints:
|
||||
type: array
|
||||
items:
|
||||
@@ -1855,6 +2062,110 @@ spec:
|
||||
whenUnsatisfiable:
|
||||
type: string
|
||||
description: The pod's topology spread constraints.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
|
||||
volumes:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name to use for the volume. Required.
|
||||
secret:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
secretName:
|
||||
type: string
|
||||
description: Secret to use populate the volume.
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: ConfigMap to use to populate the volume.
|
||||
emptyDir:
|
||||
type: object
|
||||
properties:
|
||||
medium:
|
||||
type: string
|
||||
sizeLimit:
|
||||
type: object
|
||||
properties:
|
||||
amount:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
description: EmptyDir to use to populate the volume.
|
||||
persistentVolumeClaim:
|
||||
type: object
|
||||
properties:
|
||||
claimName:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
description: PersistentVolumeClaim object to use to populate the volume.
|
||||
oneOf:
|
||||
- properties:
|
||||
secret: {}
|
||||
configMap: {}
|
||||
emptyDir: {}
|
||||
persistentVolumeClaim: {}
|
||||
required: []
|
||||
description: Additional volumes that can be mounted to the pod.
|
||||
description: Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes.
|
||||
buildContainer:
|
||||
type: object
|
||||
@@ -1876,6 +2187,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -1929,6 +2247,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka Connect Build container. The build container is used only on Kubernetes.
|
||||
buildConfig:
|
||||
type: object
|
||||
@@ -1987,7 +2325,7 @@ spec:
|
||||
description: Annotations added to the Kubernetes resource.
|
||||
description: Metadata applied to the resource.
|
||||
description: Template for Secret of the Kafka Connect Cluster JMX authentication.
|
||||
description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated."
|
||||
description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated."
|
||||
externalConfiguration:
|
||||
type: object
|
||||
properties:
|
||||
@@ -2002,16 +2340,6 @@ spec:
|
||||
valueFrom:
|
||||
type: object
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a ConfigMap.
|
||||
secretKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
@@ -2022,6 +2350,16 @@ spec:
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a Secret.
|
||||
configMapKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a ConfigMap.
|
||||
description: Value of the environment variable which will be passed to the Kafka Connect pods. It can be passed either as a reference to Secret or ConfigMap field. The field has to specify exactly one Secret or ConfigMap.
|
||||
required:
|
||||
- name
|
||||
@@ -2032,27 +2370,6 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified.
|
||||
name:
|
||||
type: string
|
||||
description: Name of the volume which will be added to the Kafka Connect pods.
|
||||
@@ -2077,36 +2394,31 @@ spec:
|
||||
secretName:
|
||||
type: string
|
||||
description: Reference to a key in a Secret. Exactly one Secret or ConfigMap has to be specified.
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified.
|
||||
required:
|
||||
- name
|
||||
description: Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes.
|
||||
description: Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors.
|
||||
metricsConfig:
|
||||
type: object
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
enum:
|
||||
- jmxPrometheusExporter
|
||||
description: Metrics type. Only 'jmxPrometheusExporter' supported currently.
|
||||
valueFrom:
|
||||
type: object
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: Reference to the key in the ConfigMap containing the configuration.
|
||||
description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. '
|
||||
required:
|
||||
- type
|
||||
- valueFrom
|
||||
description: Metrics configuration.
|
||||
required:
|
||||
- connectCluster
|
||||
description: The specification of the Kafka MirrorMaker 2 cluster.
|
||||
@@ -2140,6 +2452,12 @@ spec:
|
||||
url:
|
||||
type: string
|
||||
description: The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors.
|
||||
connectors:
|
||||
type: array
|
||||
items:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: "List of MirrorMaker 2 connector statuses, as reported by the Kafka Connect REST API."
|
||||
autoRestartStatuses:
|
||||
type: array
|
||||
items:
|
||||
@@ -2160,22 +2478,16 @@ spec:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
class:
|
||||
type: string
|
||||
description: The class of the connector plugin.
|
||||
type:
|
||||
type: string
|
||||
description: The type of the connector plugin. The available types are `sink` and `source`.
|
||||
version:
|
||||
type: string
|
||||
description: The version of the connector plugin.
|
||||
class:
|
||||
type: string
|
||||
description: The class of the connector plugin.
|
||||
description: The list of connector plugins available in this Kafka Connect deployment.
|
||||
connectors:
|
||||
type: array
|
||||
items:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
description: "List of MirrorMaker 2 connector statuses, as reported by the Kafka Connect REST API."
|
||||
labelSelector:
|
||||
type: string
|
||||
description: Label selector for pods providing this resource.
|
||||
|
||||
@@ -51,6 +51,10 @@ spec:
|
||||
description: There is an error on the custom resource
|
||||
jsonPath: ".status.conditions[?(@.type==\"NotReady\")].status"
|
||||
type: string
|
||||
- name: Stopped
|
||||
description: Processing the proposal or running rebalancing was stopped
|
||||
jsonPath: ".status.conditions[?(@.type==\"Stopped\")].status"
|
||||
type: string
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
|
||||
@@ -34,6 +34,14 @@ spec:
|
||||
description: The desired number of replicas
|
||||
jsonPath: .spec.replicas
|
||||
type: integer
|
||||
- name: Roles
|
||||
description: Roles of the nodes in the pool
|
||||
jsonPath: .status.roles
|
||||
type: string
|
||||
- name: NodeIds
|
||||
description: Node IDs used by Kafka nodes in this pool
|
||||
jsonPath: .status.nodeIds
|
||||
type: string
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
@@ -66,6 +74,11 @@ spec:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'.
|
||||
kraftMetadata:
|
||||
type: string
|
||||
enum:
|
||||
- shared
|
||||
description: "Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set."
|
||||
overrides:
|
||||
type: array
|
||||
items:
|
||||
@@ -77,7 +90,7 @@ spec:
|
||||
broker:
|
||||
type: integer
|
||||
description: Id of the kafka broker (broker identifier).
|
||||
description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers.
|
||||
description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers.
|
||||
selector:
|
||||
additionalProperties:
|
||||
type: string
|
||||
@@ -111,7 +124,12 @@ spec:
|
||||
id:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'.
|
||||
description: Storage identification number. Mandatory for storage volumes defined with a `jbod` storage type configuration.
|
||||
kraftMetadata:
|
||||
type: string
|
||||
enum:
|
||||
- shared
|
||||
description: "Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set."
|
||||
overrides:
|
||||
type: array
|
||||
items:
|
||||
@@ -123,7 +141,7 @@ spec:
|
||||
broker:
|
||||
type: integer
|
||||
description: Id of the kafka broker (broker identifier).
|
||||
description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers.
|
||||
description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers.
|
||||
selector:
|
||||
additionalProperties:
|
||||
type: string
|
||||
@@ -167,10 +185,20 @@ spec:
|
||||
name:
|
||||
type: string
|
||||
limits:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
requests:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
description: CPU and memory resources to reserve.
|
||||
jvmOptions:
|
||||
@@ -181,14 +209,14 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
description: A map of -XX options to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
"-Xmx":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xmx option to to the JVM.
|
||||
"-Xms":
|
||||
type: string
|
||||
pattern: "^[0-9]+[mMgG]?$"
|
||||
description: -Xms option to to the JVM.
|
||||
gcLoggingEnabled:
|
||||
type: boolean
|
||||
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
|
||||
@@ -254,6 +282,13 @@ spec:
|
||||
securityContext:
|
||||
type: object
|
||||
properties:
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
fsGroup:
|
||||
type: integer
|
||||
fsGroupChangePolicy:
|
||||
@@ -656,31 +691,6 @@ spec:
|
||||
value:
|
||||
type: string
|
||||
description: The pod's tolerations.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
topologySpreadConstraints:
|
||||
type: array
|
||||
items:
|
||||
@@ -723,6 +733,110 @@ spec:
|
||||
whenUnsatisfiable:
|
||||
type: string
|
||||
description: The pod's topology spread constraints.
|
||||
priorityClassName:
|
||||
type: string
|
||||
description: 'The name of the priority class used to assign priority to the pods. '
|
||||
schedulerName:
|
||||
type: string
|
||||
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
|
||||
hostAliases:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
|
||||
enableServiceLinks:
|
||||
type: boolean
|
||||
description: Indicates whether information about services should be injected into Pod's environment variables.
|
||||
tmpDirSizeLimit:
|
||||
type: string
|
||||
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
|
||||
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
|
||||
volumes:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: Name to use for the volume. Required.
|
||||
secret:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
secretName:
|
||||
type: string
|
||||
description: Secret to use populate the volume.
|
||||
configMap:
|
||||
type: object
|
||||
properties:
|
||||
defaultMode:
|
||||
type: integer
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
mode:
|
||||
type: integer
|
||||
path:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
description: ConfigMap to use to populate the volume.
|
||||
emptyDir:
|
||||
type: object
|
||||
properties:
|
||||
medium:
|
||||
type: string
|
||||
sizeLimit:
|
||||
type: object
|
||||
properties:
|
||||
amount:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
description: EmptyDir to use to populate the volume.
|
||||
persistentVolumeClaim:
|
||||
type: object
|
||||
properties:
|
||||
claimName:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
description: PersistentVolumeClaim object to use to populate the volume.
|
||||
oneOf:
|
||||
- properties:
|
||||
secret: {}
|
||||
configMap: {}
|
||||
emptyDir: {}
|
||||
persistentVolumeClaim: {}
|
||||
required: []
|
||||
description: Additional volumes that can be mounted to the pod.
|
||||
description: Template for Kafka `Pods`.
|
||||
perPodService:
|
||||
type: object
|
||||
@@ -816,6 +930,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -869,6 +990,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka broker container.
|
||||
initContainer:
|
||||
type: object
|
||||
@@ -890,6 +1031,13 @@ spec:
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
type: boolean
|
||||
appArmorProfile:
|
||||
type: object
|
||||
properties:
|
||||
localhostProfile:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
capabilities:
|
||||
type: object
|
||||
properties:
|
||||
@@ -943,6 +1091,26 @@ spec:
|
||||
runAsUserName:
|
||||
type: string
|
||||
description: Security context for the container.
|
||||
volumeMounts:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
mountPath:
|
||||
type: string
|
||||
mountPropagation:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
readOnly:
|
||||
type: boolean
|
||||
recursiveReadOnly:
|
||||
type: string
|
||||
subPath:
|
||||
type: string
|
||||
subPathExpr:
|
||||
type: string
|
||||
description: Additional volume mounts which should be applied to the container.
|
||||
description: Template for the Kafka init container.
|
||||
description: Template for pool resources. The template allows users to specify how the resources belonging to this pool are generated.
|
||||
required:
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -91,10 +91,9 @@ rules:
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- "" # legacy core events api, used by topic operator
|
||||
- "events.k8s.io" # new events api, used by cluster operator
|
||||
resources:
|
||||
# The cluster operator needs to be able to create events and delegate permissions to do so
|
||||
# The cluster operator needs to be able to create events
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
|
||||
@@ -13,8 +13,10 @@ metadata:
|
||||
name: strimzi-cluster-operator-namespaced
|
||||
{{- else }}
|
||||
name: strimzi-cluster-operator
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if not $root.Values.watchAnyNamespace }}
|
||||
namespace: {{ . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "strimzi.name" $root }}
|
||||
chart: {{ template "strimzi.chart" $root }}
|
||||
|
||||
@@ -14,7 +14,9 @@ metadata:
|
||||
{{- else }}
|
||||
name: strimzi-cluster-operator-watched
|
||||
{{- end }}
|
||||
{{- if not $root.Values.watchAnyNamespace }}
|
||||
namespace: {{ . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "strimzi.name" $root }}
|
||||
chart: {{ template "strimzi.chart" $root }}
|
||||
|
||||
@@ -46,13 +46,6 @@ rules:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
# The entity operator needs to be able to create events
|
||||
- create
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
|
||||
@@ -10,7 +10,9 @@ kind: RoleBinding
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: strimzi-cluster-operator-entity-operator-delegation
|
||||
{{- if not $root.Values.watchAnyNamespace }}
|
||||
namespace: {{ . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "strimzi.name" $root }}
|
||||
chart: {{ template "strimzi.chart" $root }}
|
||||
|
||||
@@ -11,6 +11,9 @@ metadata:
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicas }}
|
||||
{{- if .Values.revisionHistoryLimit }}
|
||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
name: strimzi-cluster-operator
|
||||
|
||||
@@ -17,6 +17,8 @@ rules:
|
||||
- "kafka.strimzi.io"
|
||||
resources:
|
||||
- kafkas
|
||||
- kafkanodepools
|
||||
- kafkanodepools/scale
|
||||
- kafkaconnects
|
||||
- kafkaconnects/scale
|
||||
- kafkamirrormakers
|
||||
|
||||
@@ -16,6 +16,7 @@ rules:
|
||||
- "kafka.strimzi.io"
|
||||
resources:
|
||||
- kafkas
|
||||
- kafkanodepools
|
||||
- kafkaconnects
|
||||
- kafkamirrormakers
|
||||
- kafkausers
|
||||
|
||||
@@ -40,7 +40,7 @@ Creates the image name from the registry, repository, image, tag, and digest
|
||||
To use, add the following key/value pairs to the scope:
|
||||
- "key" [optional]: the key to lookup under .Values for the image map
|
||||
- "tagSuffix" [optional]: the suffix to add to tagPrefix or the default tag
|
||||
- Example: `template "strimzi.image" (merge . (dict "key" "tlsSidecarEntityOperator" "tagSuffix" "-kafka-3.1.0"))`
|
||||
- Example: `template "strimzi.image" (merge . (dict "key" "cruiseControl" "tagSuffix" "-kafka-3.1.0"))`
|
||||
*/}}
|
||||
{{- define "strimzi.image" -}}
|
||||
{{- $vals := ternary .Values.image (index .Values .key).image (empty .key) -}}
|
||||
|
||||
@@ -5,30 +5,28 @@
|
||||
|
||||
{{/* Generate the kafka image map */}}
|
||||
{{- define "strimzi.kafka.image.map" }}
|
||||
- name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE
|
||||
value: {{ template "strimzi.image" (merge . (dict "key" "tlsSidecarEntityOperator" "tagSuffix" "-kafka-3.7.0")) }}
|
||||
- name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE
|
||||
value: {{ template "strimzi.image" (merge . (dict "key" "kafkaExporter" "tagSuffix" "-kafka-3.7.0")) }}
|
||||
value: {{ template "strimzi.image" (merge . (dict "key" "kafkaExporter" "tagSuffix" "-kafka-3.8.0")) }}
|
||||
- name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE
|
||||
value: {{ template "strimzi.image" (merge . (dict "key" "cruiseControl" "tagSuffix" "-kafka-3.7.0")) }}
|
||||
value: {{ template "strimzi.image" (merge . (dict "key" "cruiseControl" "tagSuffix" "-kafka-3.8.0")) }}
|
||||
- name: STRIMZI_KAFKA_IMAGES
|
||||
value: |
|
||||
3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.6.0")) }}
|
||||
3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.6.1")) }}
|
||||
3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.7.0")) }}
|
||||
3.7.1={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.7.1")) }}
|
||||
3.8.0={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.8.0")) }}
|
||||
- name: STRIMZI_KAFKA_CONNECT_IMAGES
|
||||
value: |
|
||||
3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.6.0")) }}
|
||||
3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.6.1")) }}
|
||||
3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.7.0")) }}
|
||||
3.7.1={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.7.1")) }}
|
||||
3.8.0={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.8.0")) }}
|
||||
- name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES
|
||||
value: |
|
||||
3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.6.0")) }}
|
||||
3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.6.1")) }}
|
||||
3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.7.0")) }}
|
||||
3.7.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.7.1")) }}
|
||||
3.8.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.8.0")) }}
|
||||
- name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES
|
||||
value: |
|
||||
3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.6.0")) }}
|
||||
3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.6.1")) }}
|
||||
3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.7.0")) }}
|
||||
3.7.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.7.1")) }}
|
||||
3.8.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.8.0")) }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -10,7 +10,7 @@ watchAnyNamespace: false
|
||||
|
||||
defaultImageRegistry: quay.io
|
||||
defaultImageRepository: strimzi
|
||||
defaultImageTag: 0.40.0
|
||||
defaultImageTag: 0.43.0
|
||||
|
||||
image:
|
||||
registry: ""
|
||||
@@ -54,11 +54,11 @@ leaderElection:
|
||||
enable: true
|
||||
|
||||
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||
podDisruptionBudget:
|
||||
podDisruptionBudget:
|
||||
enabled: false
|
||||
# The PDB definition only has two attributes to control the availability requirements: minAvailable or maxUnavailable (mutually exclusive).
|
||||
# The PDB definition only has two attributes to control the availability requirements: minAvailable or maxUnavailable (mutually exclusive).
|
||||
# Field maxUnavailable tells how many pods can be down and minAvailable tells how many pods must be running in a cluster.
|
||||
|
||||
|
||||
# The pdb template will check values according to below order
|
||||
#
|
||||
# {{- if .Values.podDisruptionBudget.minAvailable }}
|
||||
@@ -115,12 +115,6 @@ kafkaInit:
|
||||
repository: ""
|
||||
name: operator
|
||||
tag: ""
|
||||
tlsSidecarEntityOperator:
|
||||
image:
|
||||
registry: ""
|
||||
repository: ""
|
||||
name: kafka
|
||||
tagPrefix: ""
|
||||
kafkaMirrorMaker:
|
||||
image:
|
||||
registry: ""
|
||||
@@ -132,7 +126,7 @@ kafkaBridge:
|
||||
registry: ""
|
||||
repository:
|
||||
name: kafka-bridge
|
||||
tag: 0.28.0
|
||||
tag: 0.30.0
|
||||
kafkaExporter:
|
||||
image:
|
||||
registry: ""
|
||||
@@ -186,4 +180,4 @@ labelsExclusionPattern: ""
|
||||
# Controls whether Strimzi generates network policy resources (By default true)
|
||||
generateNetworkPolicy: true
|
||||
# Override the value for Connect build timeout
|
||||
connectBuildTimeoutMs: 300000
|
||||
connectBuildTimeoutMs: 300000
|
||||
@@ -1,2 +1,4 @@
|
||||
strimzi-kafka-operator:
|
||||
watchAnyNamespace: true
|
||||
generateNetworkPolicy: false
|
||||
kubernetesServiceDnsDomain: cozy.local
|
||||
@@ -3,5 +3,12 @@ kamaji:
|
||||
deploy: false
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.14.1@sha256:5a1c82f19552e4ec852880b943290921ec38f4f70b1256848e335f2b96ce09e3
|
||||
tag: v0.15.0@sha256:631b38ed012edab7ba3044ea67a57ab7cd303b8176d0d8a9b7f87e501c9aa085
|
||||
repository: ghcr.io/aenix-io/cozystack/kamaji
|
||||
resources:
|
||||
limits:
|
||||
cpu: 200m
|
||||
memory: 500Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
|
||||
@@ -22,4 +22,4 @@ global:
|
||||
images:
|
||||
kubeovn:
|
||||
repository: kubeovn
|
||||
tag: v1.13.0@sha256:a3e340d45a125c2dc2bc25a48f42a1b5547f9e1224de3d5b73baf68c22a53889
|
||||
tag: v1.13.0@sha256:11c4ef0f71c73df4703743c0f63b7ff0ec67af6342caf1e7db8ebd5546071855
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
apiVersion: v2
|
||||
name: cozy-guacamole
|
||||
name: cozy-opencost
|
||||
version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
|
||||
10
packages/system/opencost/Makefile
Normal file
10
packages/system/opencost/Makefile
Normal file
@@ -0,0 +1,10 @@
|
||||
export NAME=opencost
|
||||
export NAMESPACE=cozy-$(NAME)
|
||||
|
||||
include ../../../scripts/package-system.mk
|
||||
|
||||
update:
|
||||
rm -rf charts
|
||||
helm repo add opencost-charts https://opencost.github.io/opencost-helm-chart
|
||||
helm repo update opencost-charts
|
||||
helm pull opencost-charts/opencost --untar --untardir charts
|
||||
19
packages/system/opencost/charts/opencost/Chart.yaml
Normal file
19
packages/system/opencost/charts/opencost/Chart.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.111.0
|
||||
description: OpenCost and OpenCost UI
|
||||
home: https://github.com/opencost/opencost-helm-chart
|
||||
keywords:
|
||||
- cloud-costs
|
||||
- cost-optimization
|
||||
- finops
|
||||
- monitoring
|
||||
- opencost
|
||||
maintainers:
|
||||
- name: mattray
|
||||
url: https://mattray.dev
|
||||
- name: toscott
|
||||
- email: rafa@stormforge.io
|
||||
name: brito-rafa
|
||||
name: opencost
|
||||
type: application
|
||||
version: 1.41.0
|
||||
213
packages/system/opencost/charts/opencost/README.md
Normal file
213
packages/system/opencost/charts/opencost/README.md
Normal file
@@ -0,0 +1,213 @@
|
||||
# opencost
|
||||
|
||||
OpenCost and OpenCost UI
|
||||
|
||||
|
||||
|
||||
|
||||
[](https://artifacthub.io/packages/search?repo=opencost)
|
||||
[](https://artifacthub.io/packages/search?repo=opencost-oci)
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| mattray | | <https://mattray.dev> |
|
||||
| toscott | | |
|
||||
| brito-rafa | <rafa@stormforge.io> | |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `opencost`:
|
||||
|
||||
```console
|
||||
$ helm install opencost opencost/opencost
|
||||
```
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| annotations | object | `{}` | Annotations to add to the all the resources |
|
||||
| extraVolumes | list | `[]` | A list of volumes to be added to the pod |
|
||||
| fullnameOverride | string | `""` | Overwrite all resources name created by the chart |
|
||||
| imagePullSecrets | list | `[]` | List of secret names to use for pulling the images |
|
||||
| loglevel | string | `"info"` | |
|
||||
| nameOverride | string | `""` | Overwrite the default name of the chart |
|
||||
| namespaceOverride | string | `""` | Override the deployment namespace |
|
||||
| networkPolicies.enabled | bool | `false` | Specifies whether networkpolicies should be created |
|
||||
| networkPolicies.extraEgress | list | `[]` | Extra egress rule |
|
||||
| networkPolicies.prometheus | object | `{"labels":{"app.kubernetes.io/name":"prometheus"},"namespace":"prometheus-system","port":9090}` | Internal Prometheus settings related to NetworkPolicies |
|
||||
| networkPolicies.prometheus.labels | object | `{"app.kubernetes.io/name":"prometheus"}` | Labels applied to the Prometheus server pod(s) |
|
||||
| networkPolicies.prometheus.namespace | string | `"prometheus-system"` | Namespace where internal Prometheus is installed |
|
||||
| networkPolicies.prometheus.port | int | `9090` | Pod port of in-cluster Prometheus |
|
||||
| opencost.affinity | object | `{}` | Affinity settings for pod assignment |
|
||||
| opencost.carbonCost.enabled | bool | `false` | Enable carbon cost exposed in the API |
|
||||
| opencost.cloudCost.enabled | bool | `false` | Enable cloud cost ingestion and querying, dependant on valid integration credentials |
|
||||
| opencost.cloudCost.monthToDateInterval | int | `6` | The number of standard runs before a Month-to-Date run occurs |
|
||||
| opencost.cloudCost.queryWindowDays | int | `7` | The max number of days that any single query will be made to construct Cloud Costs |
|
||||
| opencost.cloudCost.refreshRateHours | int | `6` | Number of hours between each run of the Cloud Cost pipeline |
|
||||
| opencost.cloudCost.runWindowDays | int | `3` | Number of days into the past that a Cloud Cost standard run will query for |
|
||||
| opencost.cloudIntegrationSecret | string | `""` | |
|
||||
| opencost.customPricing.configPath | string | `"/tmp/custom-config"` | Path for the pricing configuration. |
|
||||
| opencost.customPricing.configmapName | string | `"custom-pricing-model"` | Customize the configmap name used for custom pricing |
|
||||
| opencost.customPricing.costModel | object | `{"CPU":1.25,"GPU":0.95,"RAM":0.5,"description":"Modified pricing configuration.","internetNetworkEgress":0.12,"regionNetworkEgress":0.01,"spotCPU":0.006655,"spotRAM":0.000892,"storage":0.25,"zoneNetworkEgress":0.01}` | More information about these values here: https://www.opencost.io/docs/configuration/on-prem#custom-pricing-using-the-opencost-helm-chart |
|
||||
| opencost.customPricing.createConfigmap | bool | `true` | Configures the pricing model provided in the values file. |
|
||||
| opencost.customPricing.enabled | bool | `false` | Enables custom pricing configuration |
|
||||
| opencost.customPricing.provider | string | `"custom"` | Sets the provider type for the custom pricing file. |
|
||||
| opencost.dataRetention.dailyResolutionDays | int | `15` | |
|
||||
| opencost.exporter.apiPort | int | `9003` | |
|
||||
| opencost.exporter.aws.access_key_id | string | `""` | AWS secret key id |
|
||||
| opencost.exporter.aws.secret_access_key | string | `""` | AWS secret access key |
|
||||
| opencost.exporter.cloudProviderApiKey | string | `""` | The GCP Pricing API requires a key. This is supplied just for evaluation. |
|
||||
| opencost.exporter.csv_path | string | `""` | |
|
||||
| opencost.exporter.defaultClusterId | string | `"default-cluster"` | Default cluster ID to use if cluster_id is not set in Prometheus metrics. |
|
||||
| opencost.exporter.env | list | `[]` | List of additional environment variables to set in the container |
|
||||
| opencost.exporter.extraArgs | list | `[]` | List of extra arguments for the command, e.g.: log-format=json |
|
||||
| opencost.exporter.extraEnv | object | `{}` | Any extra environment variables you would like to pass on to the pod |
|
||||
| opencost.exporter.extraVolumeMounts | list | `[]` | A list of volume mounts to be added to the pod |
|
||||
| opencost.exporter.image.fullImageName | string | `nil` | Override the full image name for development purposes |
|
||||
| opencost.exporter.image.pullPolicy | string | `"IfNotPresent"` | Exporter container image pull policy |
|
||||
| opencost.exporter.image.registry | string | `"ghcr.io"` | Exporter container image registry |
|
||||
| opencost.exporter.image.repository | string | `"opencost/opencost"` | Exporter container image name |
|
||||
| opencost.exporter.image.tag | string | `"1.111.0@sha256:6aa68e52a24b14ba41f23db08d1b9db1429a1c0300f4c0381ecc2c61fc311a97"` | Exporter container image tag |
|
||||
| opencost.exporter.livenessProbe.enabled | bool | `true` | Whether probe is enabled |
|
||||
| opencost.exporter.livenessProbe.failureThreshold | int | `3` | Number of failures for probe to be considered failed |
|
||||
| opencost.exporter.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds before probe is initiated |
|
||||
| opencost.exporter.livenessProbe.path | string | `"/healthz"` | Probe path |
|
||||
| opencost.exporter.livenessProbe.periodSeconds | int | `20` | Probe frequency in seconds |
|
||||
| opencost.exporter.persistence.accessMode | string | `""` | Access mode for persistent volume |
|
||||
| opencost.exporter.persistence.annotations | object | `{}` | Annotations for persistent volume |
|
||||
| opencost.exporter.persistence.enabled | bool | `false` | |
|
||||
| opencost.exporter.persistence.size | string | `""` | Size for persistent volume |
|
||||
| opencost.exporter.persistence.storageClass | string | `""` | Storage class for persistent volume |
|
||||
| opencost.exporter.readinessProbe.enabled | bool | `true` | Whether probe is enabled |
|
||||
| opencost.exporter.readinessProbe.failureThreshold | int | `3` | Number of failures for probe to be considered failed |
|
||||
| opencost.exporter.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds before probe is initiated |
|
||||
| opencost.exporter.readinessProbe.path | string | `"/healthz"` | Probe path |
|
||||
| opencost.exporter.readinessProbe.periodSeconds | int | `10` | Probe frequency in seconds |
|
||||
| opencost.exporter.replicas | int | `1` | Number of OpenCost replicas to run |
|
||||
| opencost.exporter.resources.limits | object | `{"cpu":"999m","memory":"1Gi"}` | CPU/Memory resource limits |
|
||||
| opencost.exporter.resources.requests | object | `{"cpu":"10m","memory":"55Mi"}` | CPU/Memory resource requests |
|
||||
| opencost.exporter.securityContext | object | `{}` | The security options the container should be run with |
|
||||
| opencost.exporter.startupProbe.enabled | bool | `true` | Whether probe is enabled |
|
||||
| opencost.exporter.startupProbe.failureThreshold | int | `30` | Number of failures for probe to be considered failed |
|
||||
| opencost.exporter.startupProbe.initialDelaySeconds | int | `10` | Number of seconds before probe is initiated |
|
||||
| opencost.exporter.startupProbe.path | string | `"/healthz"` | Probe path |
|
||||
| opencost.exporter.startupProbe.periodSeconds | int | `5` | Probe frequency in seconds |
|
||||
| opencost.extraContainers | list | `[]` | extra sidecars to add to the pod. Useful for things like oauth-proxy for the UI |
|
||||
| opencost.metrics.config.configmapName | string | `"custom-metrics"` | Customize the configmap name used for metrics |
|
||||
| opencost.metrics.config.disabledMetrics | list | `[]` | List of metrics to be disabled |
|
||||
| opencost.metrics.config.enabled | bool | `false` | Enables creating the metrics.json configuration as a ConfigMap |
|
||||
| opencost.metrics.kubeStateMetrics.emitKsmV1Metrics | bool | `nil` | Enable emission of KSM v1 metrics |
|
||||
| opencost.metrics.kubeStateMetrics.emitKsmV1MetricsOnly | bool | `nil` | Enable only emission of KSM v1 metrics that do not exist in KSM 2 by default |
|
||||
| opencost.metrics.kubeStateMetrics.emitNamespaceAnnotations | bool | `nil` | Enable emission of namespace annotations |
|
||||
| opencost.metrics.kubeStateMetrics.emitPodAnnotations | bool | `nil` | Enable emission of pod annotations |
|
||||
| opencost.metrics.serviceMonitor.additionalLabels | object | `{}` | Additional labels to add to the ServiceMonitor |
|
||||
| opencost.metrics.serviceMonitor.enabled | bool | `false` | Create ServiceMonitor resource for scraping metrics using PrometheusOperator |
|
||||
| opencost.metrics.serviceMonitor.extraEndpoints | list | `[]` | extra Endpoints to add to the ServiceMonitor. Useful for scraping sidecars |
|
||||
| opencost.metrics.serviceMonitor.honorLabels | bool | `true` | HonorLabels chooses the metric's labels on collisions with target labels |
|
||||
| opencost.metrics.serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion |
|
||||
| opencost.metrics.serviceMonitor.namespace | string | `""` | Specify if the ServiceMonitor will be deployed into a different namespace (blank deploys into same namespace as chart) |
|
||||
| opencost.metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields |
|
||||
| opencost.metrics.serviceMonitor.scheme | string | `"http"` | HTTP scheme used for scraping. Defaults to `http` |
|
||||
| opencost.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | Interval at which metrics should be scraped |
|
||||
| opencost.metrics.serviceMonitor.scrapeTimeout | string | `"10s"` | Timeout after which the scrape is ended |
|
||||
| opencost.metrics.serviceMonitor.tlsConfig | object | `{}` | TLS configuration for scraping metrics |
|
||||
| opencost.nodeSelector | object | `{}` | Node labels for pod assignment |
|
||||
| opencost.prometheus.amp.enabled | bool | `false` | Use Amazon Managed Service for Prometheus (AMP) |
|
||||
| opencost.prometheus.amp.workspaceId | string | `""` | Workspace ID for AMP |
|
||||
| opencost.prometheus.bearer_token | string | `""` | Prometheus Bearer token |
|
||||
| opencost.prometheus.bearer_token_key | string | `"DB_BEARER_TOKEN"` | |
|
||||
| opencost.prometheus.existingSecretName | string | `nil` | Existing secret name that contains credentials for Prometheus |
|
||||
| opencost.prometheus.external.enabled | bool | `false` | Use external Prometheus (eg. Grafana Cloud) |
|
||||
| opencost.prometheus.external.url | string | `"https://prometheus.example.com/prometheus"` | External Prometheus url |
|
||||
| opencost.prometheus.internal.enabled | bool | `true` | Use in-cluster Prometheus |
|
||||
| opencost.prometheus.internal.namespaceName | string | `"prometheus-system"` | Namespace of in-cluster Prometheus |
|
||||
| opencost.prometheus.internal.port | int | `80` | Service port of in-cluster Prometheus |
|
||||
| opencost.prometheus.internal.serviceName | string | `"prometheus-server"` | Service name of in-cluster Prometheus |
|
||||
| opencost.prometheus.password | string | `""` | Prometheus Basic auth password |
|
||||
| opencost.prometheus.password_key | string | `"DB_BASIC_AUTH_PW"` | Key in the secret that references the password |
|
||||
| opencost.prometheus.secret_name | string | `nil` | Secret name that contains credentials for Prometheus |
|
||||
| opencost.prometheus.thanos.enabled | bool | `false` | |
|
||||
| opencost.prometheus.thanos.external.enabled | bool | `false` | |
|
||||
| opencost.prometheus.thanos.external.url | string | `"https://thanos-query.example.com/thanos"` | |
|
||||
| opencost.prometheus.thanos.internal.enabled | bool | `true` | |
|
||||
| opencost.prometheus.thanos.internal.namespaceName | string | `"opencost"` | |
|
||||
| opencost.prometheus.thanos.internal.port | int | `10901` | |
|
||||
| opencost.prometheus.thanos.internal.serviceName | string | `"my-thanos-query"` | |
|
||||
| opencost.prometheus.thanos.maxSourceResolution | string | `""` | |
|
||||
| opencost.prometheus.thanos.queryOffset | string | `""` | |
|
||||
| opencost.prometheus.username | string | `""` | Prometheus Basic auth username |
|
||||
| opencost.prometheus.username_key | string | `"DB_BASIC_AUTH_USERNAME"` | Key in the secret that references the username |
|
||||
| opencost.sigV4Proxy.extraEnv | string | `nil` | |
|
||||
| opencost.sigV4Proxy.host | string | `"aps-workspaces.us-west-2.amazonaws.com"` | |
|
||||
| opencost.sigV4Proxy.image | string | `"public.ecr.aws/aws-observability/aws-sigv4-proxy:latest"` | |
|
||||
| opencost.sigV4Proxy.imagePullPolicy | string | `"IfNotPresent"` | |
|
||||
| opencost.sigV4Proxy.name | string | `"aps"` | |
|
||||
| opencost.sigV4Proxy.port | int | `8005` | |
|
||||
| opencost.sigV4Proxy.region | string | `"us-west-2"` | |
|
||||
| opencost.sigV4Proxy.resources | object | `{}` | |
|
||||
| opencost.sigV4Proxy.securityContext | object | `{}` | |
|
||||
| opencost.tolerations | list | `[]` | Toleration labels for pod assignment |
|
||||
| opencost.topologySpreadConstraints | list | `[]` | Assign custom TopologySpreadConstraints rules |
|
||||
| opencost.ui.enabled | bool | `true` | Enable OpenCost UI |
|
||||
| opencost.ui.extraEnv | list | `[]` | A list of environment variables to be added to the pod |
|
||||
| opencost.ui.extraVolumeMounts | list | `[]` | A list of volume mounts to be added to the pod |
|
||||
| opencost.ui.image.fullImageName | string | `nil` | Override the full image name for development purposes |
|
||||
| opencost.ui.image.pullPolicy | string | `"IfNotPresent"` | UI container image pull policy |
|
||||
| opencost.ui.image.registry | string | `"ghcr.io"` | UI container image registry |
|
||||
| opencost.ui.image.repository | string | `"opencost/opencost-ui"` | UI container image name |
|
||||
| opencost.ui.image.tag | string | `""` (use appVersion in Chart.yaml) | UI container image tag |
|
||||
| opencost.ui.ingress.annotations | object | `{}` | Annotations for Ingress resource |
|
||||
| opencost.ui.ingress.enabled | bool | `false` | Ingress for OpenCost UI |
|
||||
| opencost.ui.ingress.hosts | list | See [values.yaml](values.yaml) | A list of host rules used to configure the Ingress |
|
||||
| opencost.ui.ingress.ingressClassName | string | `""` | Ingress controller which implements the resource |
|
||||
| opencost.ui.ingress.servicePort | string | `"http-ui"` | Redirect ingress to an extraPort defined on the service such as oauth-proxy |
|
||||
| opencost.ui.ingress.tls | list | `[]` | Ingress TLS configuration |
|
||||
| opencost.ui.livenessProbe.enabled | bool | `true` | Whether probe is enabled |
|
||||
| opencost.ui.livenessProbe.failureThreshold | int | `3` | Number of failures for probe to be considered failed |
|
||||
| opencost.ui.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds before probe is initiated |
|
||||
| opencost.ui.livenessProbe.path | string | `"/healthz"` | Probe path |
|
||||
| opencost.ui.livenessProbe.periodSeconds | int | `10` | Probe frequency in seconds |
|
||||
| opencost.ui.readinessProbe.enabled | bool | `true` | Whether probe is enabled |
|
||||
| opencost.ui.readinessProbe.failureThreshold | int | `3` | Number of failures for probe to be considered failed |
|
||||
| opencost.ui.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds before probe is initiated |
|
||||
| opencost.ui.readinessProbe.path | string | `"/healthz"` | Probe path |
|
||||
| opencost.ui.readinessProbe.periodSeconds | int | `10` | Probe frequency in seconds |
|
||||
| opencost.ui.resources.limits | object | `{"cpu":"999m","memory":"1Gi"}` | CPU/Memory resource limits |
|
||||
| opencost.ui.resources.requests | object | `{"cpu":"10m","memory":"55Mi"}` | CPU/Memory resource requests |
|
||||
| opencost.ui.securityContext | object | `{}` | The security options the container should be run with |
|
||||
| opencost.ui.uiPort | int | `9090` | |
|
||||
| plugins.configs | string | `nil` | |
|
||||
| plugins.enabled | bool | `false` | |
|
||||
| plugins.folder | string | `"/opt/opencost/plugin"` | |
|
||||
| plugins.install.enabled | bool | `true` | |
|
||||
| plugins.install.fullImageName | string | `"curlimages/curl:latest"` | |
|
||||
| plugins.install.securityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||
| plugins.install.securityContext.capabilities.drop[0] | string | `"ALL"` | |
|
||||
| plugins.install.securityContext.readOnlyRootFilesystem | bool | `true` | |
|
||||
| plugins.install.securityContext.runAsNonRoot | bool | `true` | |
|
||||
| plugins.install.securityContext.runAsUser | int | `1000` | |
|
||||
| plugins.install.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
|
||||
| podAnnotations | object | `{}` | Annotations to add to the OpenCost Pod |
|
||||
| podLabels | object | `{}` | Labels to add to the OpenCost Pod |
|
||||
| podSecurityContext | object | `{}` | Holds pod-level security attributes and common container settings |
|
||||
| priorityClassName | string | `nil` | Pod priority |
|
||||
| rbac.enabled | bool | `true` | |
|
||||
| secretAnnotations | object | `{}` | Annotations to add to the Secret |
|
||||
| service.annotations | object | `{}` | Annotations to add to the service |
|
||||
| service.enabled | bool | `true` | |
|
||||
| service.extraPorts | list | `[]` | extra ports. Useful for sidecar pods such as oauth-proxy |
|
||||
| service.labels | object | `{}` | Labels to add to the service account |
|
||||
| service.loadBalancerSourceRanges | list | `[]` | LoadBalancer Source IP CIDR if service type is LoadBalancer and cloud provider supports this |
|
||||
| service.nodePort | object | `{}` | NodePort if service type is NodePort |
|
||||
| service.type | string | `"ClusterIP"` | Kubernetes Service type |
|
||||
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
|
||||
| serviceAccount.automountServiceAccountToken | bool | `true` | Whether pods running as this service account should have an API token automatically mounted |
|
||||
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
|
||||
| serviceAccount.name | string | `""` | |
|
||||
| updateStrategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":1},"type":"RollingUpdate"}` | Strategy to be used for the Deployment |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
|
||||
26
packages/system/opencost/charts/opencost/README.md.gotmpl
Normal file
26
packages/system/opencost/charts/opencost/README.md.gotmpl
Normal file
@@ -0,0 +1,26 @@
|
||||
{{ template "chart.header" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}
|
||||
{{ template "chart.typeBadge" . }}
|
||||
{{ template "chart.appVersionBadge" . }}
|
||||
[](https://artifacthub.io/packages/search?repo=opencost)
|
||||
[](https://artifacthub.io/packages/search?repo=opencost-oci)
|
||||
|
||||
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `opencost`:
|
||||
|
||||
```console
|
||||
$ helm install opencost opencost/{{ template "chart.name" . }}
|
||||
```
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
{{ template "helm-docs.versionFooter" . }}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user