scottk/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-04-04 17:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: scottk:v0.15.0
Branches Tags
scottk:main scottk:feat/use-ocir-for-prs scottk:new-openapi-generator scottk:release-0.34 scottk:changelogs-release-v0.34.x scottk:tym83-patch-1 scottk:release-0.33 scottk:feat/select-k8s-fix-conflict scottk:victoria-metrics-upd scottk:69-integration-with-proxmox-paas-proxmox-bundle scottk:setup-env scottk:tests-w-resources scottk:hcloud scottk:experiment/cozystack-operator scottk:bugfix-make-kk-deletable scottk:platform-add-velero scottk:update-backup-restore-reference scottk:(backup)--backup-for-tenant-k8s-cluster scottk:idempotent-tests scottk:release-0.32 scottk:1084-tunable-tenant-monitoring scottk:bugfix-fix-pgdump-version scottk:release-0.31 scottk:changelogs-release-v0.32.2 scottk:cozypkg scottk:(tests)--add-air-gapped-tests scottk:519-cross-arch-components-core scottk:buildx scottk:use-shared-runners scottk:tests-kuber scottk:fix-versions-map scottk:kubernetes-test scottk:bats scottk:untie-ingress-certmanager scottk:prepare-0.31.0-rc.2 scottk:fix-genisoimage scottk:(air-gapped)--disable-fluxcd-artifact scottk:release-0.30 scottk:(platform)--add-artifact-for-flux scottk:build-repo scottk:(platform)--add-air-gapped-support scottk:platform-dependencies scottk:ingress-api scottk:release-0.30.5 scottk:ci-wait-capi scottk:ci-pull-request-target scottk:release-0.31.0-rc1 scottk:kubernetes-ubuntu-gpu scottk:(platform)--up-tenant-version scottk:802-apps-and-extra scottk:802-gen-versions-map-fix scottk:(ci)--fix-gen-versions-map scottk:(ci)--move-precommit-job-to-selfhosted-runner scottk:fix-tests scottk:fix/integer-replicas scottk:upd-testing scottk:release-0.28 scottk:release-v0.28.2 scottk:release-v0.28.1 scottk:71-configure-github-ci scottk:fix-kubeovn-cert scottk:cilium-disable-antispoofing scottk:talos-firmwares scottk:tinkerbell scottk:maintainers scottk:secureboot scottk:openshift-console scottk:add-tests-refactor scottk:release-0.16 scottk:cdi-scratch scottk:add-kafka-exporter scottk:upd-seaweedfs scottk:kubermatic-alerts scottk:fix-etcd-sc scottk:guacamole scottk:grafana-oncall scottk:cilium-hostlegacy scottk:upd-screenshots scottk:upd-kamaji-2 scottk:release-0.10 scottk:release-0.10.3 scottk:seaweedfs-operator scottk:release-0.10.2 scottk:release-0.9 scottk:nats-operator scottk:173-airgapped scottk:kube-ovn-image scottk:fix-external-traffc-policy scottk:upd-kube-ovn scottk:fix-dns scottk:fix-kamaji scottk:fix-kubernetes scottk:fix-cluster-local scottk:etcd-quota-backend-bytes scottk:cilium-new scottk:mariadb-operator-new scottk:openapi-schema-generation scottk:etcd-operator scottk:release-0.1.0v2 scottk:fix-tolerations scottk:release-0.4.0 scottk:proxmox-csi scottk:replicas scottk:upd-kubeapps scottk:fix-old-versions scottk:flux-client-side-apply scottk:dynamic-tags scottk:release-v0.3.1 scottk:release-0.3.0 scottk:clickhouse-operator-1 scottk:fix-kamaji-etcd scottk:grafana-ingress-class scottk:clickhouse-app scottk:hetzner scottk:kafka-app scottk:kafka-clickhouse-apps scottk:clickhouse-operator scottk:kafka-operator scottk:release-0.2.0 scottk:rename-bundles scottk:versioning-helm-chart scottk:fix-cilium scottk:enhance-flux scottk:fix-full-distro scottk:fix-chicken-and-egg-problem scottk:fix-cilium-toleration scottk:fix-helm-build scottk:bundles scottk:mariadb-operator scottk:kube-ovn scottk:cilium scottk:cnpg scottk:linstor scottk:roadmap scottk:framework scottk:release-0.1.0 scottk:fix-redis scottk:leader-election scottk:project-documents scottk:release-v0.0.2 scottk:mvp
scottk:v0.34.0-beta.3 scottk:v0.34.0-rc.1 scottk:v0.33.3 scottk:v0.34.0-beta.2 scottk:v0.34.0-beta.1 scottk:v0.33.2 scottk:v0.33.1 scottk:v0.33.0 scottk:v0.32.1 scottk:v0.32.0 scottk:v0.31.2 scottk:v0.32.0-beta.2 scottk:v0.32.0-beta.1 scottk:v0.31.1 scottk:v0.31.0 scottk:v0.31.0-rc.3 scottk:v0.31.0-rc.2 scottk:v0.30.6 scottk:v0.31.0-alpha.0 scottk:v0.30.5 scottk:v0.31.0-rc.1 scottk:v0.31.0-rc1 scottk:v0.30.4 scottk:v0.30.3 scottk:v0.30.2 scottk:v0.30.1 scottk:0.30.1 scottk:v0.30.0 scottk:v0.29.1 scottk:v0.29.0 scottk:v0.28.2 scottk:v0.28.1 scottk:v0.28.0 scottk:v0.27.0 scottk:v0.26.1 scottk:v0.26.0 scottk:v0.25.3 scottk:v0.25.2 scottk:v0.25.1 scottk:v0.25.0 scottk:v0.24.1 scottk:v0.24.0 scottk:v0.23.1 scottk:v0.23.0 scottk:v0.22.0 scottk:v0.21.1 scottk:v0.21.0 scottk:v0.20.2 scottk:v0.20.1 scottk:v0.20.0 scottk:v0.19.0 scottk:v0.18.0 scottk:v0.17.1 scottk:v0.17.0 scottk:v0.16.5 scottk:v0.16.4 scottk:v0.16.3 scottk:v0.16.2 scottk:v0.16.1 scottk:v0.16.0 scottk:v0.15.0 scottk:v0.14.1 scottk:v0.14.0 scottk:v0.13.0 scottk:v0.12.0 scottk:v0.11.0 scottk:v0.10.4 scottk:v0.10.3 scottk:v0.10.2 scottk:v0.10.1 scottk:v0.10.0 scottk:v0.9.1 scottk:v0.9.0 scottk:v0.8.0 scottk:v0.7.0 scottk:v0.6.0 scottk:v0.5.0 scottk:v0.4.0 scottk:v0.3.1 scottk:v0.3.0 scottk:v0.2.0 scottk:v0.1.0 scottk:v0.0.1
..
compare: scottk:grafana-oncall
Branches Tags
scottk:main scottk:feat/use-ocir-for-prs scottk:new-openapi-generator scottk:release-0.34 scottk:changelogs-release-v0.34.x scottk:tym83-patch-1 scottk:release-0.33 scottk:feat/select-k8s-fix-conflict scottk:victoria-metrics-upd scottk:69-integration-with-proxmox-paas-proxmox-bundle scottk:setup-env scottk:tests-w-resources scottk:hcloud scottk:experiment/cozystack-operator scottk:bugfix-make-kk-deletable scottk:platform-add-velero scottk:update-backup-restore-reference scottk:(backup)--backup-for-tenant-k8s-cluster scottk:idempotent-tests scottk:release-0.32 scottk:1084-tunable-tenant-monitoring scottk:bugfix-fix-pgdump-version scottk:release-0.31 scottk:changelogs-release-v0.32.2 scottk:cozypkg scottk:(tests)--add-air-gapped-tests scottk:519-cross-arch-components-core scottk:buildx scottk:use-shared-runners scottk:tests-kuber scottk:fix-versions-map scottk:kubernetes-test scottk:bats scottk:untie-ingress-certmanager scottk:prepare-0.31.0-rc.2 scottk:fix-genisoimage scottk:(air-gapped)--disable-fluxcd-artifact scottk:release-0.30 scottk:(platform)--add-artifact-for-flux scottk:build-repo scottk:(platform)--add-air-gapped-support scottk:platform-dependencies scottk:ingress-api scottk:release-0.30.5 scottk:ci-wait-capi scottk:ci-pull-request-target scottk:release-0.31.0-rc1 scottk:kubernetes-ubuntu-gpu scottk:(platform)--up-tenant-version scottk:802-apps-and-extra scottk:802-gen-versions-map-fix scottk:(ci)--fix-gen-versions-map scottk:(ci)--move-precommit-job-to-selfhosted-runner scottk:fix-tests scottk:fix/integer-replicas scottk:upd-testing scottk:release-0.28 scottk:release-v0.28.2 scottk:release-v0.28.1 scottk:71-configure-github-ci scottk:fix-kubeovn-cert scottk:cilium-disable-antispoofing scottk:talos-firmwares scottk:tinkerbell scottk:maintainers scottk:secureboot scottk:openshift-console scottk:add-tests-refactor scottk:release-0.16 scottk:cdi-scratch scottk:add-kafka-exporter scottk:upd-seaweedfs scottk:kubermatic-alerts scottk:fix-etcd-sc scottk:guacamole scottk:grafana-oncall scottk:cilium-hostlegacy scottk:upd-screenshots scottk:upd-kamaji-2 scottk:release-0.10 scottk:release-0.10.3 scottk:seaweedfs-operator scottk:release-0.10.2 scottk:release-0.9 scottk:nats-operator scottk:173-airgapped scottk:kube-ovn-image scottk:fix-external-traffc-policy scottk:upd-kube-ovn scottk:fix-dns scottk:fix-kamaji scottk:fix-kubernetes scottk:fix-cluster-local scottk:etcd-quota-backend-bytes scottk:cilium-new scottk:mariadb-operator-new scottk:openapi-schema-generation scottk:etcd-operator scottk:release-0.1.0v2 scottk:fix-tolerations scottk:release-0.4.0 scottk:proxmox-csi scottk:replicas scottk:upd-kubeapps scottk:fix-old-versions scottk:flux-client-side-apply scottk:dynamic-tags scottk:release-v0.3.1 scottk:release-0.3.0 scottk:clickhouse-operator-1 scottk:fix-kamaji-etcd scottk:grafana-ingress-class scottk:clickhouse-app scottk:hetzner scottk:kafka-app scottk:kafka-clickhouse-apps scottk:clickhouse-operator scottk:kafka-operator scottk:release-0.2.0 scottk:rename-bundles scottk:versioning-helm-chart scottk:fix-cilium scottk:enhance-flux scottk:fix-full-distro scottk:fix-chicken-and-egg-problem scottk:fix-cilium-toleration scottk:fix-helm-build scottk:bundles scottk:mariadb-operator scottk:kube-ovn scottk:cilium scottk:cnpg scottk:linstor scottk:roadmap scottk:framework scottk:release-0.1.0 scottk:fix-redis scottk:leader-election scottk:project-documents scottk:release-v0.0.2 scottk:mvp
scottk:v0.34.0-beta.3 scottk:v0.34.0-rc.1 scottk:v0.33.3 scottk:v0.34.0-beta.2 scottk:v0.34.0-beta.1 scottk:v0.33.2 scottk:v0.33.1 scottk:v0.33.0 scottk:v0.32.1 scottk:v0.32.0 scottk:v0.31.2 scottk:v0.32.0-beta.2 scottk:v0.32.0-beta.1 scottk:v0.31.1 scottk:v0.31.0 scottk:v0.31.0-rc.3 scottk:v0.31.0-rc.2 scottk:v0.30.6 scottk:v0.31.0-alpha.0 scottk:v0.30.5 scottk:v0.31.0-rc.1 scottk:v0.31.0-rc1 scottk:v0.30.4 scottk:v0.30.3 scottk:v0.30.2 scottk:v0.30.1 scottk:0.30.1 scottk:v0.30.0 scottk:v0.29.1 scottk:v0.29.0 scottk:v0.28.2 scottk:v0.28.1 scottk:v0.28.0 scottk:v0.27.0 scottk:v0.26.1 scottk:v0.26.0 scottk:v0.25.3 scottk:v0.25.2 scottk:v0.25.1 scottk:v0.25.0 scottk:v0.24.1 scottk:v0.24.0 scottk:v0.23.1 scottk:v0.23.0 scottk:v0.22.0 scottk:v0.21.1 scottk:v0.21.0 scottk:v0.20.2 scottk:v0.20.1 scottk:v0.20.0 scottk:v0.19.0 scottk:v0.18.0 scottk:v0.17.1 scottk:v0.17.0 scottk:v0.16.5 scottk:v0.16.4 scottk:v0.16.3 scottk:v0.16.2 scottk:v0.16.1 scottk:v0.16.0 scottk:v0.15.0 scottk:v0.14.1 scottk:v0.14.0 scottk:v0.13.0 scottk:v0.12.0 scottk:v0.11.0 scottk:v0.10.4 scottk:v0.10.3 scottk:v0.10.2 scottk:v0.10.1 scottk:v0.10.0 scottk:v0.9.1 scottk:v0.9.0 scottk:v0.8.0 scottk:v0.7.0 scottk:v0.6.0 scottk:v0.5.0 scottk:v0.4.0 scottk:v0.3.1 scottk:v0.3.0 scottk:v0.2.0 scottk:v0.1.0 scottk:v0.0.1

1 Commits
v0.15.0 ... grafana-on

Author SHA1 Message Date
Andrei Kvapil
4cac2191ea Grafana OnCall 
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
 2024-09-06 12:58:32 +02:00
139 changed files with 21819 additions and 17928 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View File

Binary file not shown.

77
.gitignore vendored
View File

@@ -1,78 +1,3 @@
_out
.git
.idea
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# AWS User-specific
.idea/**/aws.xml
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
.DS_Store
**/.DS_Store
.idea

3
Makefile
View File

@@ -2,9 +2,6 @@
build:
make -C packages/apps/http-cache image
make -C packages/apps/postgres image
make -C packages/apps/mysql image
make -C packages/apps/clickhouse image
make -C packages/apps/kubernetes image
make -C packages/system/cilium image
make -C packages/system/kubeovn image

2
hack/gen_versions_map.sh
View File

@@ -46,7 +46,7 @@ resolved_miss_map=$(
# Check if the commit belongs to the main branch
if ! git merge-base --is-ancestor "$commit" main; then
# Find the closest parent commit that belongs to main
commit_in_main=$(git log --pretty=format:"%h" main -- "$chart" | head -n 1)
commit_in_main=$(git log --pretty=format:"%H" main -- "$chart/Chart.yaml" | head -n 1)
if [ -n "$commit_in_main" ]; then
commit="$commit_in_main"
else

4
manifests/cozystack-installer.yaml
View File

@@ -68,7 +68,7 @@ spec:
serviceAccountName: cozystack
containers:
- name: cozystack
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.15.0"
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.14.0"
env:
- name: KUBERNETES_SERVICE_HOST
value: localhost
@@ -87,7 +87,7 @@ spec:
fieldRef:
fieldPath: metadata.name
- name: darkhttpd
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.15.0"
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.14.0"
command:
- /usr/bin/darkhttpd
- /cozystack/assets

2
packages/apps/clickhouse/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.5.0
version: 0.4.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

16
packages/apps/clickhouse/Makefile
View File

@@ -1,20 +1,4 @@
CLICKHOUSE_BACKUP_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
include ../../../scripts/common-envs.mk
include ../../../scripts/package.mk
generate:
readme-generator -v values.yaml -s values.schema.json -r README.md
image:
docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/clickhouse-backup \
--provenance false \
--tag $(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG)) \
--cache-from type=registry,ref=$(REGISTRY)/clickhouse-backup:latest \
--cache-to type=inline \
--metadata-file images/clickhouse-backup.json \
--push=$(PUSH) \
--load=$(LOAD)
echo "$(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/clickhouse-backup.json -o json -r)" \
> images/clickhouse-backup.tag
rm -f images/clickhouse-backup.json

28
packages/apps/clickhouse/README.md
View File

@@ -1,20 +1,5 @@
# Managed Clickhouse Service
### How to restore backup:
find snapshot:
```
restic -r s3:s3.example.org/clickhouse-backups/table_name snapshots
```
restore:
```
restic -r s3:s3.example.org/clickhouse-backups/table_name restore latest --target /tmp/
```
more details:
- https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1
## Parameters
### Common parameters
@@ -31,16 +16,3 @@ more details:
| Name | Description | Value |
| ------- | ------------------- | ----- |
| `users` | Users configuration | `{}` |
### Backup parameters
| Name | Description | Value |
| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
| `backup.enabled` | Enable pereiodic backups | `false` |
| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/clickhouse-backups` |
| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |

1
packages/apps/clickhouse/images/clickhouse-backup.tag
View File

@@ -1 +0,0 @@
ghcr.io/aenix-io/cozystack/clickhouse-backup:0.5.0@sha256:dda84420cb8648721299221268a00d72a05c7af5b7fb452619bac727068b9e61

2
packages/apps/clickhouse/images/clickhouse-backup/Dockerfile
View File

@@ -1,2 +0,0 @@
FROM clickhouse/clickhouse-server:24.8.4-alpine
RUN apk add --no-cache restic uuidgen

95
packages/apps/clickhouse/templates/backup-cronjob.yaml
View File

@@ -1,95 +0,0 @@
{{- if .Values.backup.enabled }}
{{ $image := .Files.Get "images/backup.json" | fromJson }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ .Release.Name }}-backup
spec:
schedule: "{{ .Values.backup.schedule }}"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
backoffLimit: 2
template:
spec:
restartPolicy: OnFailure
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/backup-script.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/backup-secret.yaml") . | sha256sum }}
spec:
imagePullSecrets:
- name: {{ .Release.Name }}-regsecret
restartPolicy: Never
containers:
- name: clickhouse-backup
image: "{{ $.Files.Get "images/clickhouse-backup.tag" | trim }}"
command:
- /bin/sh
- -x
- /scripts/backup.sh
env:
- name: REPO_PREFIX
value: {{ required "s3Bucket is not specified!" .Values.backup.s3Bucket | quote }}
- name: CLEANUP_STRATEGY
value: {{ required "cleanupPolicy is not specified!" .Values.backup.cleanupStrategy | quote }}
- name: CLICKHOUSE_USER
value: backup
- name: CLICKHOUSE_HOST
value: chi-{{ .Release.Name }}-clickhouse-0-0
- name: CLICKHOUSE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-credentials
key: backup
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-backup
key: s3AccessKey
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-backup
key: s3SecretKey
- name: AWS_DEFAULT_REGION
value: {{ .Values.backup.s3Region }}
- name: RESTIC_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-backup
key: resticPassword
volumeMounts:
- mountPath: /scripts
name: scripts
- mountPath: /tmp
name: tmp
- mountPath: /.cache
name: cache
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
volumes:
- name: scripts
secret:
secretName: {{ .Release.Name }}-backup-script
- name: tmp
emptyDir: {}
- name: cache
emptyDir: {}
securityContext:
runAsNonRoot: true
runAsUser: 9000
runAsGroup: 9000
seccompProfile:
type: RuntimeDefault
{{- end }}

55
packages/apps/clickhouse/templates/backup-script.yaml
View File

@@ -1,55 +0,0 @@
{{- if .Values.backup.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-backup-script
stringData:
backup.sh: |
#!/bin/sh
set -e
set -o pipefail
JOB_ID="job-$(uuidgen|cut -f1 -d-)"
TABLE_LIST=$(clickhouse-client --host "$CLICKHOUSE_HOST" -q 'SHOW TABLES;' | grep -v '^.inner.' || true)
echo DB_LIST=$(echo "$TABLE_LIST" | shuf) # shuffle list
echo "Job ID: $JOB_ID"
echo "Target repo: $REPO_PREFIX"
echo "Cleanup strategy: $CLEANUP_STRATEGY"
echo "Start backup for:"
echo "$TABLE_LIST"
echo
echo "Backup started at `date +%Y-%m-%d\ %H:%M:%S`"
for table in $TABLE_LIST; do
(
set -x
restic -r "s3:${REPO_PREFIX}/$table" cat config >/dev/null 2>&1 || \
restic -r "s3:${REPO_PREFIX}/$table" init --repository-version 2
restic -r "s3:${REPO_PREFIX}/$table" unlock --remove-all >/dev/null 2>&1 || true # no locks, k8s takes care of it
clickhouse-client --host "$CLICKHOUSE_HOST" -q "SHOW CREATE TABLE ${table}" | awk '{gsub(/\\n/, "\n")} {gsub(/\\'\''/, "'\''")} 1' | \
restic -r "s3:${REPO_PREFIX}/$table" backup --tag "$JOB_ID" --tag index --stdin --stdin-filename index.sql
clickhouse-client --host "$CLICKHOUSE_HOST" -q "SELECT * FROM ${table} FORMAT TabSeparated" | \
restic -r "s3:${REPO_PREFIX}/$table" backup --tag "$JOB_ID" --tag data --stdin --stdin-filename data.tsv
restic -r "s3:${REPO_PREFIX}/$table" tag --tag "$JOB_ID" --set "completed"
)
done
echo "Backup finished at `date +%Y-%m-%d\ %H:%M:%S`"
echo
echo "Run cleanup:"
echo
echo "Cleanup started at `date +%Y-%m-%d\ %H:%M:%S`"
for db in $DB_LIST; do
(
set -x
# keep completed snapshots only
restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags --keep-tag "completed" --tag index
restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags --keep-tag "completed" --tag data
restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags $CLEANUP_STRATEGY --tag index
restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags $CLEANUP_STRATEGY --tag data
restic prune -r "s3:${REPO_PREFIX}/$db"
)
done
echo "Cleanup finished at `date +%Y-%m-%d\ %H:%M:%S`"
{{- end }}

11
packages/apps/clickhouse/templates/backup-secret.yaml
View File

@@ -1,11 +0,0 @@
{{- if .Values.backup.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-backup
stringData:
s3AccessKey: {{ required "s3AccessKey is not specified!" .Values.backup.s3AccessKey }}
s3SecretKey: {{ required "s3SecretKey is not specified!" .Values.backup.s3SecretKey }}
resticPassword: {{ required "resticPassword is not specified!" .Values.backup.resticPassword }}
{{- end }}

8
packages/apps/clickhouse/templates/clickhouse.yaml
View File

@@ -1,7 +1,5 @@
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
{{- $passwords := dict }}
{{- $users := .Values.users }}
{{- $_ := set $users "backup" dict }}
{{- with (index $existingSecret "data") }}
{{- range $k, $v := . }}
@@ -9,7 +7,7 @@
{{- end }}
{{- end }}
{{- range $user, $u := $users }}
{{- range $user, $u := .Values.users }}
{{- if $u.password }}
{{- $_ := set $passwords $user $u.password }}
{{- else if not (index $passwords $user) }}
@@ -17,6 +15,7 @@
{{- end }}
{{- end }}
{{- if .Values.users }}
apiVersion: v1
kind: Secret
metadata:
@@ -25,6 +24,7 @@ stringData:
{{- range $user, $u := .Values.users }}
{{ quote $user }}: {{ quote (index $passwords $user) }}
{{- end }}
{{- end }}
---
apiVersion: "clickhouse.altinity.com/v1"
@@ -38,7 +38,7 @@ spec:
dataVolumeClaimTemplate: data-volume-template
{{- end }}
configuration:
{{- with $users }}
{{- with .Values.users }}
users:
{{- range $name, $u := . }}
{{ $name }}/password_sha256_hex: {{ sha256sum (index $passwords $name) }}

45
packages/apps/clickhouse/values.schema.json
View File

@@ -21,51 +21,6 @@
"type": "string",
"description": "StorageClass used to store the data",
"default": ""
},
"backup": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable pereiodic backups",
"default": false
},
"s3Region": {
"type": "string",
"description": "The AWS S3 region where backups are stored",
"default": "us-east-1"
},
"s3Bucket": {
"type": "string",
"description": "The S3 bucket used for storing backups",
"default": "s3.example.org/clickhouse-backups"
},
"schedule": {
"type": "string",
"description": "Cron schedule for automated backups",
"default": "0 2 * * *"
},
"cleanupStrategy": {
"type": "string",
"description": "The strategy for cleaning up old backups",
"default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
},
"s3AccessKey": {
"type": "string",
"description": "The access key for S3, used for authentication",
"default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu"
},
"s3SecretKey": {
"type": "string",
"description": "The secret key for S3, used for authentication",
"default": "ju3eum4dekeich9ahM1te8waeGai0oog"
},
"resticPassword": {
"type": "string",
"description": "The password for Restic backup encryption",
"default": "ChaXoveekoh6eigh4siesheeda2quai0"
}
}
}
}
}

20
packages/apps/clickhouse/values.yaml
View File

@@ -22,23 +22,3 @@ storageClass: ""
## password: hackme
##
users: {}
## @section Backup parameters
## @param backup.enabled Enable pereiodic backups
## @param backup.s3Region The AWS S3 region where backups are stored
## @param backup.s3Bucket The S3 bucket used for storing backups
## @param backup.schedule Cron schedule for automated backups
## @param backup.cleanupStrategy The strategy for cleaning up old backups
## @param backup.s3AccessKey The access key for S3, used for authentication
## @param backup.s3SecretKey The secret key for S3, used for authentication
## @param backup.resticPassword The password for Restic backup encryption
backup:
enabled: false
s3Region: us-east-1
s3Bucket: s3.example.org/clickhouse-backups
schedule: "0 2 * * *"
cleanupStrategy: "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
resticPassword: ChaXoveekoh6eigh4siesheeda2quai0

1
packages/apps/ferretdb/images/postgres-backup.tag
View File

@@ -1 +0,0 @@
ghcr.io/aenix-io/cozystack/postgres-backup:0.6.2@sha256:d2015c6dba92293bda652d055e97d1be80e8414c2dc78037c12812d1a2e2cba1

4
packages/apps/ferretdb/templates/backup-cronjob.yaml
View File

@@ -24,8 +24,8 @@ spec:
spec:
restartPolicy: Never
containers:
- name: pgdump
image: "{{ $.Files.Get "images/postgres-backup.tag" | trim }}"
- name: mysqldump
image: "{{ index $image "image.name" }}@{{ index $image "containerimage.digest" }}"
command:
- /bin/sh
- /scripts/backup.sh

4
packages/apps/http-cache/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: http-cache
description: Layer7 load balancer and caching service
description: Layer7 load balacner and caching service
icon: /logos/nginx.svg
# A chart can be either an 'application' or a 'library' chart.
@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.3.1
version: 0.3.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

3
packages/apps/http-cache/Makefile
View File

@@ -1,4 +1,4 @@
NGINX_CACHE_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
NGINX_CACHE_TAG = v0.1.0
include ../../../scripts/common-envs.mk
include ../../../scripts/package.mk
@@ -9,6 +9,7 @@ image-nginx:
docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/nginx-cache \
--provenance false \
--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)) \
--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)-$(TAG)) \
--cache-from type=registry,ref=$(REGISTRY)/nginx-cache:latest \
--cache-to type=inline \
--metadata-file images/nginx-cache.json \

2
packages/apps/http-cache/images/nginx-cache.tag
View File

@@ -1 +1 @@
ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:556bc8d29ee9e90b3d64d0481dcfc66483d055803315bba3d9ece17c0d97f32b
ghcr.io/aenix-io/cozystack/nginx-cache:v0.1.0@sha256:556bc8d29ee9e90b3d64d0481dcfc66483d055803315bba3d9ece17c0d97f32b

2
packages/apps/mysql/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.5.1
version: 0.5.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

16
packages/apps/mysql/Makefile
View File

@@ -1,20 +1,4 @@
MARIADB_BACKUP_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
include ../../../scripts/common-envs.mk
include ../../../scripts/package.mk
generate:
readme-generator -v values.yaml -s values.schema.json -r README.md
image:
docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/mariadb-backup \
--provenance false \
--tag $(REGISTRY)/mariadb-backup:$(call settag,$(MARIADB_BACKUP_TAG)) \
--cache-from type=registry,ref=$(REGISTRY)/mariadb-backup:latest \
--cache-to type=inline \
--metadata-file images/mariadb-backup.json \
--push=$(PUSH) \
--load=$(LOAD)
echo "$(REGISTRY)/mariadb-backup:$(call settag,$(MARIADB_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/mariadb-backup.json -o json -r)" \
> images/mariadb-backup.tag
rm -f images/mariadb-backup.json

1
packages/apps/mysql/images/mariadb-backup.tag
View File

@@ -1 +0,0 @@
ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.1@sha256:fa2b3195521cffa55eb6d71a50b875d3c234a45e5dff71b2b9002674175bea93

2
packages/apps/mysql/images/mariadb-backup/Dockerfile
View File

@@ -1,2 +0,0 @@
FROM alpine:3.20
RUN apk add --no-cache mariadb-client uuidgen restic

2
packages/apps/mysql/templates/backup-cronjob.yaml
View File

@@ -27,7 +27,7 @@ spec:
restartPolicy: Never
containers:
- name: mysqldump
image: "{{ $.Files.Get "images/mariadb-backup.tag" | trim }}"
image: "{{ index $image "image.name" }}@{{ index $image "containerimage.digest" }}"
command:
- /bin/sh
- /scripts/backup.sh

2
packages/apps/postgres/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.6.2
version: 0.6.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

17
packages/apps/postgres/Makefile
View File

@@ -1,21 +1,4 @@
POSTGRES_BACKUP_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
include ../../../scripts/common-envs.mk
include ../../../scripts/package.mk
generate:
readme-generator -v values.yaml -s values.schema.json -r README.md
image:
docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/postgres-backup \
--provenance false \
--tag $(REGISTRY)/postgres-backup:$(call settag,$(POSTGRES_BACKUP_TAG)) \
--cache-from type=registry,ref=$(REGISTRY)/postgres-backup:latest \
--cache-to type=inline \
--metadata-file images/postgres-backup.json \
--push=$(PUSH) \
--load=$(LOAD)
echo "$(REGISTRY)/postgres-backup:$(call settag,$(POSTGRES_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/postgres-backup.json -o json -r)" \
> images/postgres-backup.tag
cp images/postgres-backup.tag ../ferretdb/images/
rm -f images/postgres-backup.json

1
packages/apps/postgres/images/postgres-backup.tag
View File

@@ -1 +0,0 @@
ghcr.io/aenix-io/cozystack/postgres-backup:0.6.2@sha256:d2015c6dba92293bda652d055e97d1be80e8414c2dc78037c12812d1a2e2cba1

2
packages/apps/postgres/images/postgres-backup/Dockerfile
View File

@@ -1,2 +0,0 @@
FROM alpine:3.20
RUN apk add --no-cache postgresql16-client uuidgen restic

4
packages/apps/postgres/templates/backup-cronjob.yaml
View File

@@ -26,8 +26,8 @@ spec:
- name: {{ .Release.Name }}-regsecret
restartPolicy: Never
containers:
- name: pgdump
image: "{{ $.Files.Get "images/postgres-backup.tag" | trim }}"
- name: mysqldump
image: "{{ index $image "image.name" }}@{{ index $image "containerimage.digest" }}"
command:
- /bin/sh
- /scripts/backup.sh

2
packages/apps/rabbitmq/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.4.1
version: 0.4.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

8
packages/apps/rabbitmq/templates/rabbitmq.yaml
View File

@@ -12,14 +12,6 @@ spec:
type: LoadBalancer
{{- end }}
override:
statefulSet:
spec:
template:
metadata:
labels:
policy.cozystack.io/allow-to-apiserver: "true"
persistence:
{{- with .Values.storageClass }}
storageClassName: {{ . }}

15
packages/apps/versions_map
View File

@@ -3,8 +3,7 @@ clickhouse 0.1.0 ca79f72
clickhouse 0.2.0 7cd7de73
clickhouse 0.2.1 5ca8823
clickhouse 0.3.0 b00621e
clickhouse 0.4.0 320fc32
clickhouse 0.5.0 HEAD
clickhouse 0.4.0 HEAD
ferretdb 0.1.0 4ffa8615
ferretdb 0.1.1 5ca8823
ferretdb 0.2.0 adaf603
@@ -12,8 +11,7 @@ ferretdb 0.3.0 aa2f553
ferretdb 0.4.0 HEAD
http-cache 0.1.0 a956713
http-cache 0.2.0 5ca8823
http-cache 0.3.0 fab5940
http-cache 0.3.1 HEAD
http-cache 0.3.0 HEAD
kafka 0.1.0 760f86d2
kafka 0.2.0 a2cc83d
kafka 0.2.1 3ac17018
@@ -36,8 +34,7 @@ mysql 0.1.0 f642698
mysql 0.2.0 8b975ff0
mysql 0.3.0 5ca8823
mysql 0.4.0 93018c4
mysql 0.5.0 4b84798
mysql 0.5.1 HEAD
mysql 0.5.0 HEAD
nats 0.1.0 5ca8823
nats 0.2.0 HEAD
postgres 0.1.0 f642698
@@ -47,13 +44,11 @@ postgres 0.3.0 995dea6f
postgres 0.4.0 ec283c33
postgres 0.4.1 5ca8823
postgres 0.5.0 c07c4bbd
postgres 0.6.0 2a4768a
postgres 0.6.2 HEAD
postgres 0.6.0 HEAD
rabbitmq 0.1.0 f642698
rabbitmq 0.2.0 5ca8823
rabbitmq 0.3.0 9e33dc0
rabbitmq 0.4.0 36d8855
rabbitmq 0.4.1 HEAD
rabbitmq 0.4.0 HEAD
redis 0.1.1 f642698
redis 0.2.0 5ca8823
redis 0.3.0 HEAD

4
packages/core/installer/Makefile
View File

@@ -54,9 +54,9 @@ image-matchbox:
--load=$(LOAD)
rm -f images/matchbox.json
assets: talos-iso talos-nocloud talos-metal
assets: talos-iso talos-nocloud
talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal:
talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud:
mkdir -p ../../../_out/assets
cat images/talos/profiles/$(subst talos-,,$@).yaml | \
docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \

6
packages/core/installer/hack/gen-profiles.sh
View File

@@ -2,7 +2,7 @@
set -e
set -u
PROFILES="initramfs kernel iso installer nocloud metal"
PROFILES="initramfs kernel iso installer nocloud"
FIRMWARES="amd-ucode amdgpu-firmware bnx2-bnx2x i915-ucode intel-ice-firmware intel-ucode qlogic-firmware"
EXTENSIONS="drbd zfs"
@@ -32,10 +32,10 @@ done
for profile in $PROFILES; do
echo "writing profile images/talos/profiles/$profile.yaml"
if [ "$profile" = "nocloud" ] || [ "$profile" = "metal" ]; then
if [ "$profile" = "nocloud" ]; then
image_options="{ diskSize: 1306525696, diskFormat: raw }"
out_format=".xz"
platform="$profile"
platform="nocloud"
kind="image"
else
image_options="{}"

14
packages/core/installer/images/talos/profiles/initramfs.yaml
View File

@@ -12,13 +12,13 @@ input:
baseInstaller:
imageRef: ghcr.io/siderolabs/installer:v1.7.6
systemExtensions:
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
output:

14
packages/core/installer/images/talos/profiles/installer.yaml
View File

@@ -12,13 +12,13 @@ input:
baseInstaller:
imageRef: ghcr.io/siderolabs/installer:v1.7.6
systemExtensions:
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
output:

14
packages/core/installer/images/talos/profiles/iso.yaml
View File

@@ -12,13 +12,13 @@ input:
baseInstaller:
imageRef: ghcr.io/siderolabs/installer:v1.7.6
systemExtensions:
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
output:

14
packages/core/installer/images/talos/profiles/kernel.yaml
View File

@@ -12,13 +12,13 @@ input:
baseInstaller:
imageRef: ghcr.io/siderolabs/installer:v1.7.6
systemExtensions:
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
output:

27
packages/core/installer/images/talos/profiles/metal.yaml
View File

@@ -1,27 +0,0 @@
# this file generated by hack/gen-profiles.sh
# do not edit it
arch: amd64
platform: metal
secureboot: false
version: v1.7.6
input:
kernel:
path: /usr/install/amd64/vmlinuz
initramfs:
path: /usr/install/amd64/initramfs.xz
baseInstaller:
imageRef: ghcr.io/siderolabs/installer:v1.7.6
systemExtensions:
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
output:
kind: image
imageOptions: { diskSize: 1306525696, diskFormat: raw }
outFormat: .xz

14
packages/core/installer/images/talos/profiles/nocloud.yaml
View File

@@ -12,13 +12,13 @@ input:
baseInstaller:
imageRef: ghcr.io/siderolabs/installer:v1.7.6
systemExtensions:
- imageRef: ghcr.io/siderolabs/amd-ucode:20240811
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240811
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240811
- imageRef: ghcr.io/siderolabs/i915-ucode:20240811
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240811
- imageRef: ghcr.io/siderolabs/intel-ucode:20240813
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240811
- imageRef: ghcr.io/siderolabs/amd-ucode:20240709
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240709
- imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240709
- imageRef: ghcr.io/siderolabs/i915-ucode:20240709
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240709
- imageRef: ghcr.io/siderolabs/intel-ucode:20240531
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20240709
- imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.6
- imageRef: ghcr.io/siderolabs/zfs:2.2.4-v1.7.6
output:

2
packages/core/installer/values.yaml
View File

@@ -1,2 +1,2 @@
cozystack:
image: ghcr.io/aenix-io/cozystack/cozystack:v0.15.0@sha256:aeff26a80f84b4323578e613b3bf03caa842d617ec8d9ca98706867c1e70609f
image: ghcr.io/aenix-io/cozystack/cozystack:v0.14.0@sha256:5a0269683feb4fff24e9044a41453dbedbc857ad450102b275e1d05aa3aec081

2
packages/core/testing/values.yaml
View File

@@ -1,2 +1,2 @@
e2e:
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.15.0@sha256:20cc84e4a11db31434881355c070113a7823501a28a6114ca02830b18607ad21
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.14.0@sha256:be1693c8ce6a9522499f79b1e42b2e08c7ca80405026a095299e5e990a3ab791

28
packages/extra/monitoring/templates/grafana/grafana.yaml
View File

@@ -56,7 +56,7 @@ spec:
mountPath: /var/lib/grafana
containers:
- name: grafana
image: grafana/grafana:10.1.0
image: grafana/grafana:11.2.0
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
@@ -64,7 +64,7 @@ spec:
failureThreshold: 3
env:
- name: GF_INSTALL_PLUGINS
value: grafana-worldmap-panel,flant-statusmap-panel,grafana-oncall-app,natel-discrete-panel
value: grafana-worldmap-panel,flant-statusmap-panel,grafana-oncall-app,natel-discrete-panel,grafana-oncall-app
- name: ONCALL_API_URL
value: http://grafana-oncall-engine:8080
- name: GF_DATABASE_HOST
@@ -87,6 +87,13 @@ spec:
secretKeyRef:
key: password
name: grafana-admin-password
volumeMounts:
- name: grafana-plugins
mountPath: /usr/share/grafana/conf/provisioning/plugins/
volumes:
- name: grafana-plugins
configMap:
name: grafana-plugins-provisioning
ingress:
metadata:
annotations:
@@ -109,3 +116,20 @@ spec:
- hosts:
- "{{ .Values.host | default (printf "grafana.%s" $host) }}"
secretName: grafana-ingress-tls
---
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-plugins-provisioning
data:
on-call.yaml: |
apiVersion: 1
apps:
- type: grafana-oncall-app
name: grafana-oncall-app
version: v1.9.0
disabled: false
jsonData:
grafanaUrl: "https://grafana.infra.aenix.org"
license: "OpenSource"
onCallApiUrl: "http://grafana-oncall-engine:8080"

4
packages/extra/monitoring/templates/oncall/oncall-release.yaml
View File

@@ -24,7 +24,7 @@ spec:
oncall:
fullnameOverride: grafana-oncall
externalGrafana:
url: "https://{{ .Values.host | default (printf "grafana.%s" $host) }}/"
url: "http://grafana-service:3000"
externalPostgresql:
host: grafana-oncall-db-rw
@@ -35,6 +35,6 @@ spec:
externalRedis:
host: rfrm-grafana-oncall
existingSecret: {{ .Release.Name }}-oncall-redis-password
existingSecret: grafana-oncall-redis-password
passwordKey: password
{{- end }}

2
packages/extra/monitoring/templates/vm/vmalertmanager.yaml
View File

@@ -18,7 +18,7 @@ stringData:
receivers:
- name: 'webhook'
webhook_configs:
- url: http://{{ .Release.Name }}-oncall-engine.{{ .Release.Namespace }}.svc:8080/integrations/v1/alertmanager/Kjb2NWxxSlgGtxz9F4ihovQBB/
- url: http://grafana-oncall-engine:8080/integrations/v1/alertmanager/fD8cZuXGPvDyQSNYbUwJgHB6H/
---
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMAlertmanager

1
packages/system/cilium/values-kubeovn.yaml
View File

@@ -2,6 +2,7 @@ cilium:
sctp:
enabled: true
autoDirectNodeRoutes: false
kubeProxyReplacement: true
bpf:
masquerade: false
cni:

1
packages/system/cilium/values.yaml
View File

@@ -1,5 +1,4 @@
cilium:
kubeProxyReplacement: true
hubble:
enabled: false
externalIPs:

6
packages/system/dashboard/values.yaml
View File

@@ -33,11 +33,11 @@ kubeapps:
image:
registry: ghcr.io/aenix-io/cozystack
repository: dashboard
tag: v0.15.0
tag: v0.14.0
digest: "sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb"
kubeappsapis:
image:
registry: ghcr.io/aenix-io/cozystack
repository: kubeapps-apis
tag: v0.15.0
digest: "sha256:70c095c8f7e3ecfa11433a3a2c8f57f6ff5a0053f006939a2c171c180cc50baf"
tag: v0.14.0
digest: "sha256:7918268647b8f4862f312df9ba42e9edfd2f703223259e2e8b9e02da1ad71cc4"

2
packages/system/grafana-oncall/charts/oncall/Chart.lock
View File

@@ -24,4 +24,4 @@ dependencies:
repository: https://prometheus-community.github.io/helm-charts
version: 25.8.2
digest: sha256:edc9fef449a694cd319135e37ac84f8247ac9ad0c48ac86099dae4e428beb7b7
generated: "2024-01-26T17:54:48.132209769Z"
generated: "2024-09-04T18:52:49.709787897Z"

4
packages/system/grafana-oncall/charts/oncall/Chart.yaml
View File

@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: v1.3.94
appVersion: v1.9.22
dependencies:
- condition: cert-manager.enabled
name: cert-manager
@@ -36,4 +36,4 @@ dependencies:
description: Developer-friendly incident response with brilliant Slack integration
name: oncall
type: application
version: 1.3.94
version: 1.9.22

13
packages/system/grafana-oncall/charts/oncall/templates/_env.tpl
View File

@@ -65,8 +65,6 @@
- name: FEATURE_SLACK_INTEGRATION_ENABLED
value: {{ .Values.oncall.slack.enabled | toString | title | quote }}
{{- if .Values.oncall.slack.enabled }}
- name: SLACK_SLASH_COMMAND_NAME
value: "/{{ .Values.oncall.slack.commandName | default "oncall" }}"
{{- if .Values.oncall.slack.existingSecret }}
- name: SLACK_CLIENT_OAUTH_ID
valueFrom:
@@ -603,6 +601,13 @@ when broker.type != rabbitmq, we do not need to include rabbitmq environment var
{{- end }}
{{- define "snippet.oncall.smtp.env" -}}
{{- $smtpTLS:=.Values.oncall.smtp.tls | default true | toString | title | quote }}
{{- $smtpSSL:=.Values.oncall.smtp.ssl | default false | toString | title | quote }}
{{- if eq $smtpTLS "\"True\"" }}
{{- if eq $smtpSSL "\"True\"" }}
{{- fail "cannot set Email (SMTP) to use SSL and TLS at the same time" }}
{{- end }}
{{- end }}
- name: FEATURE_EMAIL_INTEGRATION_ENABLED
value: {{ .Values.oncall.smtp.enabled | toString | title | quote }}
{{- if .Values.oncall.smtp.enabled }}
@@ -619,7 +624,9 @@ when broker.type != rabbitmq, we do not need to include rabbitmq environment var
key: smtp-password
optional: true
- name: EMAIL_USE_TLS
value: {{ .Values.oncall.smtp.tls | default true | toString | title | quote }}
value: {{ $smtpTLS }}
- name: EMAIL_USE_SSL
value: {{ $smtpSSL }}
- name: EMAIL_FROM_ADDRESS
value: {{ .Values.oncall.smtp.fromEmail | quote }}
- name: EMAIL_NOTIFICATIONS_LIMIT

8
packages/system/grafana-oncall/charts/oncall/templates/secrets.yaml
View File

@@ -12,8 +12,8 @@ metadata:
{{- end }}
type: Opaque
data:
{{ include "snippet.oncall.secret.secretKey" . }}: {{ randAlphaNum 40 | b64enc | quote }}
{{ include "snippet.oncall.secret.mirageSecretKey" . }}: {{ randAlphaNum 40 | b64enc | quote }}
{{ include "snippet.oncall.secret.secretKey" . }}: {{ (.Values.oncall.secrets.secretKey | default (randAlphaNum 40)) | b64enc | quote }}
{{ include "snippet.oncall.secret.mirageSecretKey" . }}: {{ (.Values.oncall.secrets.mirageSecretKey | default (randAlphaNum 40)) | b64enc | quote }}
---
{{- end }}
{{- if and (eq .Values.database.type "mysql") (not .Values.mariadb.enabled) (not .Values.externalMysql.existingSecret) }}
@@ -46,7 +46,7 @@ data:
postgres-password: {{ required "externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret" .Values.externalPostgresql.password | b64enc | quote }}
---
{{- end }}
{{- if and (eq .Values.broker.type "rabbitmq") (not .Values.rabbitmq.enabled) (not .Values.externalRabbitmq.existingSecret) }}
{{- if and (eq .Values.broker.type "rabbitmq") (.Values.externalRabbitmq.password) (not .Values.rabbitmq.enabled) (not .Values.externalRabbitmq.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
@@ -61,7 +61,7 @@ data:
rabbitmq-password: {{ required "externalRabbitmq.password is required if not rabbitmq.enabled and not externalRabbitmq.existingSecret" .Values.externalRabbitmq.password | b64enc | quote }}
---
{{- end }}
{{- if and (eq .Values.broker.type "redis") (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) }}
{{- if and (.Values.externalRedis.host) (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:

5
packages/system/grafana-oncall/charts/oncall/values.yaml
View File

@@ -176,7 +176,7 @@ detached_integrations:
# Celery workers pods configuration
celery:
replicaCount: 1
worker_queue: "default,critical,long,slack,telegram,webhook,celery,grafana"
worker_queue: "default,critical,long,slack,telegram,webhook,celery,grafana,retry"
worker_concurrency: "1"
worker_max_tasks_per_child: "100"
worker_beat_enabled: "True"
@@ -305,8 +305,6 @@ oncall:
slack:
# Enable the Slack ChatOps integration for the Oncall Engine.
enabled: false
# Sets the Slack bot slash-command
commandName: oncall
# clientId configures the Slack app OAuth2 client ID.
# api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Client ID
clientId: ~
@@ -343,6 +341,7 @@ oncall:
username: ~
password: ~
tls: ~
ssl: ~
fromEmail: ~
exporter:
enabled: false

4
packages/system/grafana-operator/charts/grafana-operator/Chart.yaml
View File

@@ -15,10 +15,10 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.2
version: 0.3.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v5.6.0"
appVersion: "v5.12.0"

50
packages/system/grafana-operator/charts/grafana-operator/README.md
View File

@@ -7,18 +7,45 @@ linkTitle: "Helm installation"
[grafana-operator](https://github.com/grafana/grafana-operator) for Kubernetes to manage Grafana instances and grafana resources.
![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5.6.0](https://img.shields.io/badge/AppVersion-v5.6.0-informational?style=flat-square)
![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5.12.0](https://img.shields.io/badge/AppVersion-v5.12.0-informational?style=flat-square)
## Installation
This is a OCI helm chart, helm started support OCI in version 3.8.0.
```shell
helm upgrade -i grafana-operator oci://ghcr.io/grafana/helm-charts/grafana-operator --version v5.6.0
helm upgrade -i grafana-operator oci://ghcr.io/grafana/helm-charts/grafana-operator --version v5.12.0
```
Sadly helm OCI charts currently don't support searching for available versions of a helm [oci registry](https://github.com/helm/helm/issues/11000).
### Using Terraform
To install the helm chart using terraform, make sure you use the right values for `repository` and `name` as shown below:
```hcl
resource "helm_release" "grafana_kubernetes_operator" {
name = "grafana-operator"
namespace = "default"
repository = "oci://ghcr.io/grafana/helm-charts"
chart = "grafana-operator"
verify = false
version = "v5.12.0"
}
```
## Upgrading
Helm does not provide functionality to update custom resource definitions. This can result in the operator misbehaving when a release contains updates to the custom resource definitions.
To avoid issues due to outdated or missing definitions, run the following command before updating an existing installation:
```shell
kubectl apply --server-side --force-conflicts -f https://github.com/grafana/grafana-operator/releases/download/v5.12.0/crds.yaml
```
The `--server-side` and `--force-conflict` flags are required to avoid running into issues with the `kubectl.kubernetes.io/last-applied-configuration` annotation.
By using server side apply, this annotation is not considered. `--force-conflict` allows kubectl to modify fields previously managed by helm.
## Development
For general and helm specific development instructions please read the [CONTRIBUTING.md](../../../CONTRIBUTING.md)
@@ -38,24 +65,39 @@ It's easier to just manage this configuration outside of the operator.
| additionalLabels | object | `{}` | additional labels to add to all resources |
| affinity | object | `{}` | pod affinity |
| env | list | `[]` | Additional environment variables |
| fullnameOverride | string | `""` | |
| extraObjects | list | `[]` | Array of extra K8s objects to deploy |
| fullnameOverride | string | `""` | Overrides the fully qualified app name. |
| image.pullPolicy | string | `"IfNotPresent"` | The image pull policy to use in grafana operator container |
| image.repository | string | `"ghcr.io/grafana/grafana-operator"` | grafana operator image repository |
| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | image pull secrets |
| isOpenShift | bool | `false` | Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift |
| leaderElect | bool | `false` | If you want to run multiple replicas of the grafana-operator, this is not recommended. |
| metricsService.metricsPort | int | `9090` | metrics service port |
| metricsService.pprofPort | int | `8888` | port for the pprof profiling endpoint |
| metricsService.type | string | `"ClusterIP"` | metrics service type |
| nameOverride | string | `""` | |
| nameOverride | string | `""` | Overrides the name of the chart. |
| namespaceOverride | string | `""` | Overrides the namespace name. |
| namespaceScope | bool | `false` | If the operator should run in namespace-scope or not, if true the operator will only be able to manage instances in the same namespace |
| nodeSelector | object | `{}` | pod node selector |
| podAnnotations | object | `{}` | pod annotations |
| podSecurityContext | object | `{}` | pod security context |
| priorityClassName | string | `""` | pod priority class name |
| rbac.create | bool | `true` | Specifies whether to create the ClusterRole and ClusterRoleBinding. If "namespaceScope" is true or "watchNamespaces" is set, this will create Role and RoleBinding instead. |
| resources | object | `{}` | grafana operator container resources |
| securityContext | object | `{"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | grafana operator container security context |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| serviceMonitor | object | `{"additionalLabels":{},"enabled":false,"interval":"1m","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s","targetLabels":[],"telemetryPath":"/metrics"}` | Enable this to use with Prometheus Operator |
| serviceMonitor.additionalLabels | object | `{}` | Set of labels to transfer from the Kubernetes Service onto the target |
| serviceMonitor.enabled | bool | `false` | When set true then use a ServiceMonitor to configure scraping |
| serviceMonitor.interval | string | `"1m"` | Set how frequently Prometheus should scrape |
| serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion |
| serviceMonitor.relabelings | list | `[]` | Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
| serviceMonitor.scrapeTimeout | string | `"10s"` | Set timeout for scrape |
| serviceMonitor.targetLabels | list | `[]` | Set of labels to transfer from the Kubernetes Service onto the target |
| serviceMonitor.telemetryPath | string | `"/metrics"` | Set path to metrics path |
| tolerations | list | `[]` | pod tolerations |
| watchNamespaceSelector | string | `""` | Sets the WATCH_NAMESPACE_SELECTOR environment variable, it defines which namespaces the operator should be listening for based on label and key value pair added on namespace kind. By default it's all namespaces. |
| watchNamespaces | string | `""` | Sets the WATCH_NAMESPACE environment variable, it defines which namespaces the operator should be listening for. By default it's all namespaces, if you only want to listen for the same namespace as the operator is deployed to look at namespaceScope. |

28
packages/system/grafana-operator/charts/grafana-operator/README.md.gotmpl
View File

@@ -19,6 +19,34 @@ helm upgrade -i grafana-operator oci://ghcr.io/grafana/helm-charts/grafana-opera
Sadly helm OCI charts currently don't support searching for available versions of a helm [oci registry](https://github.com/helm/helm/issues/11000).
### Using Terraform
To install the helm chart using terraform, make sure you use the right values for `repository` and `name` as shown below:
```hcl
resource "helm_release" "grafana_kubernetes_operator" {
name = "grafana-operator"
namespace = "default"
repository = "oci://ghcr.io/grafana/helm-charts"
chart = "grafana-operator"
verify = false
version = "{{ template "chart.appVersion" . }}"
}
```
## Upgrading
Helm does not provide functionality to update custom resource definitions. This can result in the operator misbehaving when a release contains updates to the custom resource definitions.
To avoid issues due to outdated or missing definitions, run the following command before updating an existing installation:
```shell
kubectl apply --server-side --force-conflicts -f https://github.com/grafana/grafana-operator/releases/download/{{ template "chart.appVersion" . }}/crds.yaml
```
The `--server-side` and `--force-conflict` flags are required to avoid running into issues with the `kubectl.kubernetes.io/last-applied-configuration` annotation.
By using server side apply, this annotation is not considered. `--force-conflict` allows kubectl to modify fields previously managed by helm.
## Development
For general and helm specific development instructions please read the [CONTRIBUTING.md](../../../CONTRIBUTING.md)

311
packages/system/grafana-operator/charts/grafana-operator/crds/grafana.integreatly.org_grafanaalertrulegroups.yaml Normal file
View File

@@ -0,0 +1,311 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: grafanaalertrulegroups.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaAlertRuleGroup
listKind: GrafanaAlertRuleGroupList
plural: grafanaalertrulegroups
singular: grafanaalertrulegroup
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaAlertRuleGroup is the Schema for the grafanaalertrulegroups
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaAlertRuleGroupSpec defines the desired state of GrafanaAlertRuleGroup
properties:
allowCrossNamespaceImport:
type: boolean
folderRef:
description: Match GrafanaFolders CRs to infer the uid
type: string
folderUID:
description: |-
UID of the folder containing this rule group
Overrides the FolderSelector
type: string
instanceSelector:
description: selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
interval:
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
resyncPeriod:
default: 10m
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
rules:
items:
description: AlertRule defines a specific rule to be evaluated.
It is based on the upstream model with some k8s specific type
mappings
properties:
annotations:
additionalProperties:
type: string
type: object
condition:
type: string
data:
items:
properties:
datasourceUid:
description: Grafana data source unique identifier; it
should be '__expr__' for a Server Side Expression operation.
type: string
model:
description: JSON is the raw JSON query and includes the
above properties as well as custom properties.
x-kubernetes-preserve-unknown-fields: true
queryType:
description: |-
QueryType is an optional identifier for the type of query.
It can be used to distinguish different types of queries.
type: string
refId:
description: RefID is the unique identifier of the query,
set by the frontend call.
type: string
relativeTimeRange:
description: relative time range
properties:
from:
description: from
format: int64
type: integer
to:
description: to
format: int64
type: integer
type: object
type: object
type: array
execErrState:
enum:
- OK
- Alerting
- Error
- KeepLast
type: string
for:
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
isPaused:
type: boolean
labels:
additionalProperties:
type: string
type: object
noDataState:
enum:
- Alerting
- NoData
- OK
- KeepLast
type: string
notificationSettings:
properties:
group_by:
items:
type: string
type: array
group_interval:
type: string
group_wait:
type: string
mute_time_intervals:
items:
type: string
type: array
receiver:
type: string
repeat_interval:
type: string
required:
- receiver
type: object
title:
example: Always firing
maxLength: 190
minLength: 1
type: string
uid:
pattern: ^[a-zA-Z0-9-_]+$
type: string
required:
- condition
- data
- execErrState
- for
- noDataState
- title
- uid
type: object
type: array
required:
- instanceSelector
- interval
- rules
type: object
x-kubernetes-validations:
- message: Only one of FolderUID or FolderRef can be set
rule: (has(self.folderUID) && !(has(self.folderRef))) || (has(self.folderRef)
&& !(has(self.folderUID)))
status:
description: GrafanaAlertRuleGroupStatus defines the observed state of
GrafanaAlertRuleGroup
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
required:
- conditions
type: object
type: object
served: true
storage: true
subresources:
status: {}

219
packages/system/grafana-operator/charts/grafana-operator/crds/grafana.integreatly.org_grafanacontactpoints.yaml Normal file
View File

@@ -0,0 +1,219 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: grafanacontactpoints.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaContactPoint
listKind: GrafanaContactPointList
plural: grafanacontactpoints
singular: grafanacontactpoint
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaContactPoint is the Schema for the grafanacontactpoints
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaContactPointSpec defines the desired state of GrafanaContactPoint
properties:
allowCrossNamespaceImport:
type: boolean
disableResolveMessage:
type: boolean
instanceSelector:
description: selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
name:
type: string
resyncPeriod:
default: 10m
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
settings:
x-kubernetes-preserve-unknown-fields: true
type:
enum:
- alertmanager
- prometheus-alertmanager
- dingding
- discord
- email
- googlechat
- kafka
- line
- opsgenie
- pagerduty
- pushover
- sensugo
- sensu
- slack
- teams
- telegram
- threema
- victorops
- webhook
- wecom
- hipchat
- oncall
type: string
required:
- instanceSelector
- name
- settings
type: object
status:
description: GrafanaContactPointStatus defines the observed state of GrafanaContactPoint
properties:
conditions:
description: |-
INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
Important: Run "make" to regenerate code after modifying this file
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
required:
- conditions
type: object
type: object
served: true
storage: true
subresources:
status: {}

277
packages/system/grafana-operator/charts/grafana-operator/crds/grafana.integreatly.org_grafanadashboards.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.14.0
name: grafanadashboards.grafana.integreatly.org
spec:
group: grafana.integreatly.org
@@ -28,32 +28,62 @@ spec:
name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaDashboard is the Schema for the grafanadashboards API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaDashboardSpec defines the desired state of GrafanaDashboard
properties:
allowCrossNamespaceImport:
description: allow to import this resources from an operator in a
different namespace
type: boolean
configMapRef:
description: dashboard from configmap
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap or its key must be
defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
contentCacheDuration:
description: Cache duration for dashboards fetched from URLs
type: string
datasources:
description: maps required data sources to existing ones
items:
properties:
datasourceName:
@@ -66,27 +96,55 @@ spec:
type: object
type: array
envFrom:
description: environments variables from secrets or config maps
items:
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
@@ -95,33 +153,64 @@ spec:
type: object
type: array
envs:
description: environments variables as a map
items:
properties:
name:
type: string
value:
description: Inline evn value
type: string
valueFrom:
description: Reference on value source, might be the reference
on a secret or config map
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
@@ -133,8 +222,16 @@ spec:
type: object
type: array
folder:
description: folder assignment for dashboard
type: string
folderRef:
description: Name of a `GrafanaFolder` resource in the same namespace
type: string
folderUID:
description: UID of the target folder for this dashboard
type: string
grafanaCom:
description: grafana.com/dashboards
properties:
id:
type: integer
@@ -144,37 +241,67 @@ spec:
- id
type: object
gzipJson:
description: GzipJson the dashboard's JSON compressed with Gzip. Base64-encoded
when in YAML.
format: byte
type: string
instanceSelector:
description: selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
json:
description: dashboard json
type: string
jsonnet:
description: Jsonnet
type: string
jsonnetLib:
description: Jsonnet project build
properties:
fileName:
type: string
@@ -190,6 +317,7 @@ spec:
- gzipJsonnetProject
type: object
plugins:
description: plugins
items:
properties:
name:
@@ -202,16 +330,162 @@ spec:
type: object
type: array
resyncPeriod:
default: 5m
description: how often the dashboard is refreshed, defaults to 5m
if not set
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
url:
description: dashboard url
type: string
urlAuthorization:
description: authorization options for dashboard from url
properties:
basicAuth:
properties:
password:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
username:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
required:
- instanceSelector
type: object
x-kubernetes-validations:
- message: Only one of folderUID or folderRef can be declared at the same
time
rule: (has(self.folderUID) && !(has(self.folderRef))) || (has(self.folderRef)
&& !(has(self.folderUID))) || !(has(self.folderRef) && (has(self.folderUID)))
- message: folder field cannot be set when folderUID or folderRef is already
declared
rule: (has(self.folder) && !(has(self.folderRef) || has(self.folderUID)))
|| !(has(self.folder))
status:
description: GrafanaDashboardStatus defines the observed state of GrafanaDashboard
properties:
NoMatchingInstances:
description: The dashboard instanceSelector can't find matching grafana
instances
type: boolean
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
contentCache:
format: byte
type: string
@@ -223,6 +497,7 @@ spec:
hash:
type: string
lastResync:
description: Last time the dashboard was resynced
format: date-time
type: string
uid:

89
packages/system/grafana-operator/charts/grafana-operator/crds/grafana.integreatly.org_grafanadatasources.yaml
View File

@@ -3,11 +3,13 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.14.0
name: grafanadatasources.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaDatasource
listKind: GrafanaDatasourceList
plural: grafanadatasources
@@ -28,16 +30,31 @@ spec:
name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaDatasource is the Schema for the grafanadatasources API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaDatasourceSpec defines the desired state of GrafanaDatasource
properties:
allowCrossNamespaceImport:
description: allow to import this resources from an operator in a
different namespace
type: boolean
datasource:
properties:
@@ -50,6 +67,7 @@ spec:
database:
type: string
editable:
description: Deprecated field, it has no effect
type: boolean
isDefault:
type: boolean
@@ -59,6 +77,7 @@ spec:
name:
type: string
orgId:
description: Deprecated field, it has no effect
format: int64
type: integer
secureJsonData:
@@ -72,37 +91,58 @@ spec:
type: string
user:
type: string
required:
- access
- name
- type
- url
type: object
instanceSelector:
description: selects Grafana instances for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
plugins:
description: plugins
items:
properties:
name:
@@ -115,8 +155,14 @@ spec:
type: object
type: array
resyncPeriod:
default: 5m
description: how often the datasource is refreshed, defaults to 5m
if not set
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
valuesFrom:
description: environments variables from secrets or config maps
items:
properties:
targetPath:
@@ -124,24 +170,51 @@ spec:
valueFrom:
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
@@ -158,14 +231,18 @@ spec:
- instanceSelector
type: object
status:
description: GrafanaDatasourceStatus defines the observed state of GrafanaDatasource
properties:
NoMatchingInstances:
description: The datasource instanceSelector can't find matching grafana
instances
type: boolean
hash:
type: string
lastMessage:
type: string
lastResync:
description: Last time the datasource was resynced
format: date-time
type: string
uid:

139
packages/system/grafana-operator/charts/grafana-operator/crds/grafana.integreatly.org_grafanafolders.yaml
View File

@@ -3,11 +3,13 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.14.0
name: grafanafolders.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaFolder
listKind: GrafanaFolderList
plural: grafanafolders
@@ -24,57 +26,192 @@ spec:
name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaFolder is the Schema for the grafanafolders API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaFolderSpec defines the desired state of GrafanaFolder
properties:
allowCrossNamespaceImport:
description: allow to import this resources from an operator in a
different namespace
type: boolean
instanceSelector:
description: selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
parentFolderRef:
description: Reference to an existing GrafanaFolder CR in the same
namespace
type: string
parentFolderUID:
description: UID of the folder in which the current folder should
be created
type: string
permissions:
description: raw json with folder permissions
type: string
resyncPeriod:
default: 5m
description: how often the folder is synced, defaults to 5m if not
set
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
title:
type: string
required:
- instanceSelector
type: object
x-kubernetes-validations:
- message: Only one of parentFolderUID or parentFolderRef can be set
rule: (has(self.parentFolderUID) && !(has(self.parentFolderRef))) ||
(has(self.parentFolderRef) && !(has(self.parentFolderUID))) || !(has(self.parentFolderRef)
&& (has(self.parentFolderUID)))
status:
description: GrafanaFolderStatus defines the observed state of GrafanaFolder
properties:
NoMatchingInstances:
description: The folder instanceSelector can't find matching grafana
instances
type: boolean
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
hash:
description: |-
INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
Important: Run "make" to regenerate code after modifying this file
type: string
lastResync:
description: Last time the folder was resynced
format: date-time
type: string
type: object

257
packages/system/grafana-operator/charts/grafana-operator/crds/grafana.integreatly.org_grafananotificationpolicies.yaml Normal file
View File

@@ -0,0 +1,257 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: grafananotificationpolicies.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaNotificationPolicy
listKind: GrafanaNotificationPolicyList
plural: grafananotificationpolicies
singular: grafananotificationpolicy
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaNotificationPolicy is the Schema for the GrafanaNotificationPolicy
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaNotificationPolicySpec defines the desired state of
GrafanaNotificationPolicy
properties:
instanceSelector:
description: selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
resyncPeriod:
default: 10m
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
route:
description: Routes for alerts to match against
properties:
continue:
description: continue
type: boolean
group_by:
description: group by
items:
type: string
type: array
group_interval:
description: group interval
type: string
group_wait:
description: group wait
type: string
match_re:
additionalProperties:
type: string
description: match re
type: object
matchers:
description: matchers
items:
properties:
isEqual:
description: is equal
type: boolean
isRegex:
description: is regex
type: boolean
name:
description: name
type: string
value:
description: value
type: string
required:
- isRegex
- value
type: object
type: array
mute_time_intervals:
description: mute time intervals
items:
type: string
type: array
object_matchers:
description: object matchers
items:
description: |-
ObjectMatcher ObjectMatcher is a matcher that can be used to filter alerts.
swagger:model ObjectMatcher
items:
type: string
type: array
type: array
provenance:
description: provenance
type: string
receiver:
description: receiver
type: string
repeat_interval:
description: repeat interval
type: string
routes:
description: routes
x-kubernetes-preserve-unknown-fields: true
type: object
required:
- instanceSelector
- route
type: object
status:
description: GrafanaNotificationPolicyStatus defines the observed state
of GrafanaNotificationPolicy
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
required:
- conditions
type: object
type: object
served: true
storage: true
subresources:
status: {}

5477
packages/system/grafana-operator/charts/grafana-operator/crds/grafana.integreatly.org_grafanas.yaml
View File

File diff suppressed because it is too large Load Diff

18
packages/system/grafana-operator/charts/grafana-operator/files/rbac-openshift.yaml Normal file
View File

@@ -0,0 +1,18 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: manager-role
rules:
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- create
- delete
- get
- list
- update
- watch

250
packages/system/grafana-operator/charts/grafana-operator/files/rbac.yaml Normal file
View File

@@ -0,0 +1,250 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: manager-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanaalertrulegroups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanaalertrulegroups/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanaalertrulegroups/status
verbs:
- get
- patch
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanacontactpoints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanacontactpoints/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanacontactpoints/status
verbs:
- get
- patch
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadashboards
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadashboards/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadashboards/status
verbs:
- get
- patch
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadatasources
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadatasources/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadatasources/status
verbs:
- get
- patch
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanafolders
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanafolders/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanafolders/status
verbs:
- get
- patch
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafananotificationpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafananotificationpolicies/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafananotificationpolicies/status
verbs:
- get
- patch
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanas
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanas/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanas/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch

11
packages/system/grafana-operator/charts/grafana-operator/templates/_helpers.tpl
View File

@@ -23,6 +23,13 @@ If release name contains chart name it will be used as a full name.
{{- end }}
{{- end }}
{{/*
Allow the release namespace to be overridden
*/}}
{{- define "grafana-operator.namespace" -}}
{{ .Values.namespaceOverride | default .Release.Namespace }}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
@@ -40,6 +47,10 @@ helm.sh/chart: {{ include "grafana-operator.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: grafana-operator
{{- with .Values.additionalLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{/*

7
packages/system/grafana-operator/charts/grafana-operator/templates/cm.yaml
View File

@@ -3,11 +3,10 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "grafana-operator.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "grafana-operator.namespace" . }}
labels:
{{- with .Values.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- include "grafana-operator.labels" . | nindent 4 }}
app.kubernetes.io/component: operator
data:
controller_manager_config.yaml: |
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1

22
packages/system/grafana-operator/charts/grafana-operator/templates/deployment.yaml
View File

@@ -2,12 +2,10 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "grafana-operator.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "grafana-operator.namespace" . }}
labels:
{{- include "grafana-operator.labels" . | nindent 4 }}
{{- with .Values.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/component: operator
spec:
replicas: 1
selector:
@@ -20,10 +18,8 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "grafana-operator.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "grafana-operator.labels" . | nindent 8 }}
app.kubernetes.io/component: operator
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
@@ -49,12 +45,19 @@ spec:
{{ else }}
value: {{ .Values.watchNamespaces }}
{{- end }}
- name: WATCH_NAMESPACE_SELECTOR
{{- if and .Values.namespaceScope (eq .Values.watchNamespaceSelector "") }}
value: ""
{{ else }}
value: {{quote .Values.watchNamespaceSelector }}
{{- end }}
{{- with .Values.env }}
{{- toYaml . | nindent 12 }}
{{- end }}
args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=0.0.0.0:{{ .Values.metricsService.metricsPort }}
- --pprof-addr=0.0.0.0:{{ .Values.metricsService.pprofPort }}
{{- if .Values.leaderElect }}
- --leader-elect
{{- end }}
@@ -65,6 +68,9 @@ spec:
- containerPort: {{ .Values.metricsService.metricsPort }}
name: metrics
protocol: TCP
- containerPort: {{ .Values.metricsService.pprofPort }}
name: pprof
protocol: TCP
livenessProbe:
httpGet:
path: /healthz

4
packages/system/grafana-operator/charts/grafana-operator/templates/extraobjects.yaml Normal file
View File

@@ -0,0 +1,4 @@
{{ range .Values.extraObjects }}
---
{{ tpl (toYaml .) $ }}
{{ end }}

243
packages/system/grafana-operator/charts/grafana-operator/templates/rbac.yaml
View File

@@ -1,8 +1,15 @@
{{- $watchNamespaces := coalesce .Values.watchNamespaces .Release.Namespace }}
{{- if .Values.rbac.create -}}
{{ $rbac := .Files.Get "files/rbac.yaml" | fromYaml }}
{{ $rbacOpenShift := .Files.Get "files/rbac-openshift.yaml" | fromYaml }}
{{- $watchNamespaces := coalesce .Values.watchNamespaces .Values.namespaceOverride .Release.Namespace }}
{{- $namespaceScoped := false }}
{{- $isOpenShift := false }}
{{- if or (.Values.namespaceScope) (.Values.watchNamespaces) }}
{{- $namespaceScoped = true }}
{{- end }}
{{- if (.Values.isOpenShift) }}
{{- $isOpenShift = true }}
{{- end }}
{{- $operatorNamespace := .Release.Namespace }}
{{- range ( split "," $watchNamespaces ) }}
---
@@ -10,243 +17,35 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if not $namespaceScoped }}Cluster{{ end }}Role
metadata:
{{- if $namespaceScoped }}
namespace: {{ $operatorNamespace }}
namespace: {{ . }}
{{- end }}
name: grafana-operator-permissions
name: {{ include "grafana-operator.fullname" $ }}
labels:
{{- include "grafana-operator.labels" $ | nindent 4 }}
{{- with $.Values.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/component: operator
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadashboards
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadashboards/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadashboards/status
verbs:
- get
- patch
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadatasources
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadatasources/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanadatasources/status
verbs:
- get
- patch
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanafolders
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanafolders/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanafolders/status
verbs:
- get
- patch
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanas
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanas/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanas/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
{{- toYaml $rbac.rules | nindent 2 }}
{{- if $isOpenShift }}
{{- toYaml $rbacOpenShift.rules | nindent 2 -}}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if not $namespaceScoped }}Cluster{{ end }}RoleBinding
metadata:
name: grafana-operator-permissions
name: {{ include "grafana-operator.fullname" $ }}
{{- if $namespaceScoped }}
namespace: {{ $operatorNamespace }}
namespace: {{ . }}
{{- end }}
labels:
{{- include "grafana-operator.labels" $ | nindent 4 }}
{{- with $.Values.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/component: operator
subjects:
- kind: ServiceAccount
name: {{ include "grafana-operator.serviceAccountName" $ }}
namespace: {{ $operatorNamespace }}
namespace: {{ include "grafana-operator.namespace" $ }}
roleRef:
kind: {{ if not $namespaceScoped }}Cluster{{ end }}Role
name: grafana-operator-permissions
name: {{ include "grafana-operator.fullname" $ }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}

10
packages/system/grafana-operator/charts/grafana-operator/templates/service.yaml
View File

@@ -2,12 +2,10 @@ apiVersion: v1
kind: Service
metadata:
name: {{ include "grafana-operator.fullname" . }}-metrics-service
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "grafana-operator.namespace" . }}
labels:
{{- include "grafana-operator.labels" . | nindent 4 }}
{{- with .Values.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/component: operator
spec:
type: {{ .Values.metricsService.type }}
ports:
@@ -15,5 +13,9 @@ spec:
targetPort: metrics
protocol: TCP
name: metrics
- port: {{ .Values.metricsService.pprofPort }}
targetPort: pprof
protocol: TCP
name: pprof
selector:
{{- include "grafana-operator.selectorLabels" . | nindent 4 }}

6
packages/system/grafana-operator/charts/grafana-operator/templates/serviceaccount.yaml
View File

@@ -3,12 +3,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "grafana-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "grafana-operator.namespace" . }}
labels:
{{- include "grafana-operator.labels" . | nindent 4 }}
{{- with .Values.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/component: operator
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}

44
packages/system/grafana-operator/charts/grafana-operator/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,44 @@
{{- if.Values.serviceMonitor.enabled -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "grafana-operator.fullname" . }}
namespace: {{ include "grafana-operator.namespace" . }}
labels:
{{- include "grafana-operator.labels" . | nindent 4 }}
app.kubernetes.io/component: operator
{{- with .Values.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Release.Name }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "grafana-operator.selectorLabels" . | nindent 6 }}
endpoints:
- port: metrics
path: {{ .Values.serviceMonitor.telemetryPath }}
{{- with .Values.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
{{- if .Values.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ toYaml .Values.serviceMonitor.metricRelabelings | indent 4 }}
{{- end }}
{{- if .Values.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.serviceMonitor.targetLabels }}
targetLabels:
{{- range .Values.serviceMonitor.targetLabels }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}

60
packages/system/grafana-operator/charts/grafana-operator/values.yaml
View File

@@ -10,6 +10,14 @@ leaderElect: false
# By default it's all namespaces, if you only want to listen for the same namespace as the operator is deployed to look at namespaceScope.
watchNamespaces: ""
# -- Sets the WATCH_NAMESPACE_SELECTOR environment variable,
# it defines which namespaces the operator should be listening for based on label and key value pair added on namespace kind.
# By default it's all namespaces.
watchNamespaceSelector: ""
# -- Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift
isOpenShift: false
# -- Additional environment variables
env: []
# -- grafana image, e.g. docker.io/grafana/grafana:9.1.6, overwrites the default grafana image defined in the operator
@@ -29,9 +37,15 @@ image:
# -- image pull secrets
imagePullSecrets: []
# -- Overrides the name of the chart.
nameOverride: ""
# -- Overrides the fully qualified app name.
fullnameOverride: ""
# -- Overrides the namespace name.
namespaceOverride: ""
serviceAccount:
# -- Specifies whether a service account should be created
create: true
@@ -41,11 +55,18 @@ serviceAccount:
# If not set and create is true, a name is generated using the fullname template
name: ""
rbac:
# -- Specifies whether to create the ClusterRole and ClusterRoleBinding.
# If "namespaceScope" is true or "watchNamespaces" is set, this will create Role and RoleBinding instead.
create: true
metricsService:
# -- metrics service type
type: ClusterIP
# -- metrics service port
metricsPort: 9090
# -- port for the pprof profiling endpoint
pprofPort: 8888
# -- additional labels to add to all resources
additionalLabels: {}
@@ -78,3 +99,42 @@ tolerations: []
# -- pod affinity
affinity: {}
# -- Enable this to use with Prometheus Operator
serviceMonitor:
# -- When set true then use a ServiceMonitor to configure scraping
enabled: false
# -- Set of labels to transfer from the Kubernetes Service onto the target
additionalLabels: {}
# -- Set how frequently Prometheus should scrape
interval: 1m
# -- Set timeout for scrape
scrapeTimeout: 10s
# -- Set path to metrics path
telemetryPath: /metrics
# -- Set of labels to transfer from the Kubernetes Service onto the target
targetLabels: []
# -- MetricRelabelConfigs to apply to samples before ingestion
metricRelabelings: []
# -- Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
relabelings: []
# -- Array of extra K8s objects to deploy
extraObjects: []
# - apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: grafana-operator-apikey
# spec:
# refreshInterval: 1h
# secretStoreRef:
# kind: SecretStore
# name: my-secret-store
# target:
# template:
# data:
# GRAFANA_CLOUD_INSTANCE_TOKEN: "{{`{{ .Token }}`}}"
# dataFrom:
# - extract:
# key: my-secret-store-secret

2
packages/system/kafka-operator/charts/strimzi-kafka-operator/.helmignore
View File

@@ -19,5 +19,3 @@
.project
.idea/
*.tmproj
# Unit Tests
tests/

4
packages/system/kafka-operator/charts/strimzi-kafka-operator/Chart.yaml
View File

@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 0.43.0
appVersion: 0.40.0
description: 'Strimzi: Apache Kafka running on Kubernetes'
home: https://strimzi.io/
icon: https://raw.githubusercontent.com/strimzi/strimzi-kafka-operator/main/documentation/logo/strimzi_logo.png
@@ -24,4 +24,4 @@ maintainers:
name: strimzi-kafka-operator
sources:
- https://github.com/strimzi/strimzi-kafka-operator
version: 0.43.0
version: 0.40.0

21
packages/system/kafka-operator/charts/strimzi-kafka-operator/README.md
View File

@@ -9,8 +9,8 @@ Upgrading to Strimzi 0.32 and newer directly from Strimzi 0.22 and earlier is no
Please follow the [documentation](https://strimzi.io/docs/operators/latest/full/deploying.html#assembly-upgrade-str) for more details.
**!!! IMPORTANT !!!**
Strimzi 0.43.0 (and any of its patch releases) is the last Strimzi version with support for Kubernetes 1.23 and 1.24.
From Strimzi 0.44.0 on, Strimzi will support only Kubernetes 1.25 and newer.
From Strimzi 0.40 on, we support only Kubernetes 1.23 and newer.
Kubernetes versions 1.21 and 1.22 are no longer supported.
## Introduction
@@ -21,7 +21,6 @@ cluster using the [Helm](https://helm.sh) package manager.
### Supported Features
* **Manages the Kafka Cluster** - Deploys and manages all of the components of this complex application, including dependencies like Apache ZooKeeper® that are traditionally hard to administer.
* **KRaft support** - Allows running Apache Kafka clusters in the KRaft mode (without ZooKeeper).
* **Includes Kafka Connect** - Allows for configuration of common data sources and sinks to move data into and out of the Kafka cluster.
* **Topic Management** - Creates and manages Kafka Topics within the cluster.
* **User Management** - Creates and manages Kafka Users within the cluster.
@@ -92,12 +91,11 @@ the documentation for more details.
| Parameter | Description | Default |
|---------------------------------------------|---------------------------------------------------------------------------------|------------------------------|
| `replicas` | Number of replicas of the cluster operator | 1 |
| `revisionHistoryLimit` | Number of replicaSet to keep of the operator deployment | 10 |
| `watchNamespaces` | Comma separated list of additional namespaces for the strimzi-operator to watch | [] |
| `watchAnyNamespace` | Watch the whole Kubernetes cluster (all namespaces) | `false` |
| `defaultImageRegistry` | Default image registry for all the images | `quay.io` |
| `defaultImageRepository` | Default image registry for all the images | `strimzi` |
| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.43.0` |
| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.40.0` |
| `image.registry` | Override default Cluster Operator image registry | `nil` |
| `image.repository` | Override default Cluster Operator image repository | `nil` |
| `image.name` | Cluster Operator image name | `cluster-operator` |
@@ -158,10 +156,16 @@ the documentation for more details.
| `kafkaInit.image.name` | Init Kafka image name | `operator` |
| `kafkaInit.image.tag` | Override default Init Kafka image tag | `nil` |
| `kafkaInit.image.digest` | Override Init Kafka image tag with digest | `nil` |
| `tlsSidecarEntityOperator.image.registry` | Override default TLS Sidecar Entity Operator image registry | `nil` |
| `tlsSidecarEntityOperator.image.repository` | Override default TLS Sidecar Entity Operator image repository | `nil` |
| `tlsSidecarEntityOperator.image.name` | TLS Sidecar Entity Operator image name | `kafka` |
| `tlsSidecarEntityOperator.image.tagPrefix` | Override default TLS Sidecar Entity Operator image tag prefix | `nil` |
| `tlsSidecarEntityOperator.image.tag` | Override default TLS Sidecar Entity Operator image tag and ignore suffix | `nil` |
| `tlsSidecarEntityOperator.image.digest` | Override TLS Sidecar Entity Operator image tag with digest | `nil` |
| `kafkaBridge.image.registry` | Override default Kafka Bridge image registry | `quay.io` |
| `kafkaBridge.image.repository` | Override default Kafka Bridge image repository | `strimzi` |
| `kafkaBridge.image.name` | Kafka Bridge image name | `kafka-bridge` |
| `kafkaBridge.image.tag` | Override default Kafka Bridge image tag | `0.30.0` |
| `kafkaBridge.image.tag` | Override default Kafka Bridge image tag | `0.28.0` |
| `kafkaBridge.image.digest` | Override Kafka Bridge image tag with digest | `nil` |
| `kafkaExporter.image.registry` | Override default Kafka Exporter image registry | `nil` |
| `kafkaExporter.image.repository` | Override default Kafka Exporter image repository | `nil` |
@@ -180,9 +184,9 @@ the documentation for more details.
| `kanikoExecutor.image.name` | Kaniko Executor image name | `kaniko-executor` |
| `kanikoExecutor.image.tag` | Override default Kaniko Executor image tag | `nil` |
| `kanikoExecutor.image.digest` | Override Kaniko Executor image tag with digest | `nil` |
| `resources.limits.memory` | Memory constraint for limits | `384Mi` |
| `resources.limits.memory` | Memory constraint for limits | `256Mi` |
| `resources.limits.cpu` | CPU constraint for limits | `1000m` |
| `resources.requests.memory` | Memory constraint for requests | `384Mi` |
| `resources.requests.memory` | Memory constraint for requests | `256Mi` |
| `livenessProbe.initialDelaySeconds` | Liveness probe initial delay in seconds | 10 |
| `livenessProbe.periodSeconds` | Liveness probe period in seconds | 30 |
| `readinessProbe.initialDelaySeconds` | Readiness probe initial delay in seconds | 10 |
@@ -206,7 +210,6 @@ the documentation for more details.
| `mavenBuilder.image.tag` | Override default Maven Builder image tag | `nil` |
| `mavenBuilder.image.digest` | Override Maven Builder image tag with digest | `nil` |
| `logConfiguration` | Override default `log4j.properties` content | `nil` |
| `logLevel` | Override default logging level | `INFO` |
| `dashboards.enable` | Generate configmaps containing the dashboards | `false` |
| `dashboards.label` | How should the dashboards be labeled for the sidecar | `grafana_dashboard` |
| `dashboards.labelValue` | What should the dashboards label value be for the sidecar | `"1"` |

1948
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/040-Crd-kafka.yaml
View File

File diff suppressed because it is too large Load Diff

650
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/041-Crd-kafkaconnect.yaml
View File

@@ -74,25 +74,14 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection.
description: TLS configuration.
@@ -115,48 +104,26 @@ spec:
accessTokenIsJwt:
type: boolean
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
accessTokenLocation:
type: string
description: Path to the token file containing an access token to be used for authentication.
audience:
type: string
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
certificateAndKey:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the Secret.
key:
type: string
description: The name of the private key in the Secret.
required:
- secretName
- certificate
- key
description: Reference to the `Secret` which holds the certificate and private key pair.
clientAssertion:
type: object
properties:
key:
type: string
description: The key under which the secret value is stored in the Kubernetes Secret.
secretName:
type: string
description: The name of the Kubernetes Secret containing the secret value.
description: The name of the Secret containing the certificate.
required:
- certificate
- key
- secretName
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
clientAssertionLocation:
type: string
description: Path to the file containing the client assertion to be used for authentication.
clientAssertionType:
type: string
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
description: Reference to the `Secret` which holds the certificate and private key pair.
clientId:
type: string
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
@@ -197,15 +164,15 @@ spec:
passwordSecret:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the password.
password:
type: string
description: The name of the key in the Secret under which the password is stored.
secretName:
type: string
description: The name of the Secret containing the password.
required:
- secretName
- password
- secretName
description: Reference to the `Secret` which holds the password.
readTimeoutSeconds:
type: integer
@@ -223,11 +190,6 @@ spec:
- key
- secretName
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
saslExtensions:
additionalProperties:
type: string
type: object
description: SASL extensions parameters.
scope:
type: string
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
@@ -236,25 +198,14 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection to the OAuth server.
tokenEndpointUri:
@@ -290,33 +241,23 @@ spec:
name:
type: string
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
description: The maximum limits for CPU and memory resources and the requested initial resources.
livenessProbe:
type: object
properties:
failureThreshold:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
initialDelaySeconds:
type: integer
minimum: 0
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
timeoutSeconds:
type: integer
minimum: 1
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
periodSeconds:
type: integer
minimum: 1
@@ -325,22 +266,22 @@ spec:
type: integer
minimum: 1
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
failureThreshold:
timeoutSeconds:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
description: Pod liveness checking.
readinessProbe:
type: object
properties:
failureThreshold:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
initialDelaySeconds:
type: integer
minimum: 0
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
timeoutSeconds:
type: integer
minimum: 1
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
periodSeconds:
type: integer
minimum: 1
@@ -349,10 +290,10 @@ spec:
type: integer
minimum: 1
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
failureThreshold:
timeoutSeconds:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
description: Pod readiness checking.
jvmOptions:
type: object
@@ -362,14 +303,14 @@ spec:
type: string
type: object
description: A map of -XX options to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
"-Xms":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xms option to to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
gcLoggingEnabled:
type: boolean
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
@@ -445,32 +386,6 @@ spec:
required:
- topologyKey
description: Configuration of the node label which will be used as the `client.rack` consumer configuration.
metricsConfig:
type: object
properties:
type:
type: string
enum:
- jmxPrometheusExporter
description: Metrics type. Only 'jmxPrometheusExporter' supported currently.
valueFrom:
type: object
properties:
configMapKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Reference to the key in the ConfigMap containing the configuration.
description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. '
required:
- type
- valueFrom
description: Metrics configuration.
tracing:
type: object
properties:
@@ -556,13 +471,6 @@ spec:
securityContext:
type: object
properties:
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
fsGroup:
type: integer
fsGroupChangePolicy:
@@ -965,6 +873,31 @@ spec:
value:
type: string
description: The pod's tolerations.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
topologySpreadConstraints:
type: array
items:
@@ -1007,110 +940,6 @@ spec:
whenUnsatisfiable:
type: string
description: The pod's topology spread constraints.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
volumes:
type: array
items:
type: object
properties:
name:
type: string
description: Name to use for the volume. Required.
secret:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
optional:
type: boolean
secretName:
type: string
description: Secret to use populate the volume.
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: ConfigMap to use to populate the volume.
emptyDir:
type: object
properties:
medium:
type: string
sizeLimit:
type: object
properties:
amount:
type: string
format:
type: string
description: EmptyDir to use to populate the volume.
persistentVolumeClaim:
type: object
properties:
claimName:
type: string
readOnly:
type: boolean
description: PersistentVolumeClaim object to use to populate the volume.
oneOf:
- properties:
secret: {}
configMap: {}
emptyDir: {}
persistentVolumeClaim: {}
required: []
description: Additional volumes that can be mounted to the pod.
description: Template for Kafka Connect `Pods`.
apiService:
type: object
@@ -1198,13 +1027,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -1258,26 +1080,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka Connect container.
initContainer:
type: object
@@ -1299,13 +1101,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -1359,26 +1154,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka init container.
podDisruptionBudget:
type: object
@@ -1466,13 +1241,6 @@ spec:
securityContext:
type: object
properties:
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
fsGroup:
type: integer
fsGroupChangePolicy:
@@ -1875,6 +1643,31 @@ spec:
value:
type: string
description: The pod's tolerations.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
topologySpreadConstraints:
type: array
items:
@@ -1917,110 +1710,6 @@ spec:
whenUnsatisfiable:
type: string
description: The pod's topology spread constraints.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
volumes:
type: array
items:
type: object
properties:
name:
type: string
description: Name to use for the volume. Required.
secret:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
optional:
type: boolean
secretName:
type: string
description: Secret to use populate the volume.
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: ConfigMap to use to populate the volume.
emptyDir:
type: object
properties:
medium:
type: string
sizeLimit:
type: object
properties:
amount:
type: string
format:
type: string
description: EmptyDir to use to populate the volume.
persistentVolumeClaim:
type: object
properties:
claimName:
type: string
readOnly:
type: boolean
description: PersistentVolumeClaim object to use to populate the volume.
oneOf:
- properties:
secret: {}
configMap: {}
emptyDir: {}
persistentVolumeClaim: {}
required: []
description: Additional volumes that can be mounted to the pod.
description: Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes.
buildContainer:
type: object
@@ -2042,13 +1731,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -2102,26 +1784,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka Connect Build container. The build container is used only on Kubernetes.
buildConfig:
type: object
@@ -2180,7 +1842,7 @@ spec:
description: Annotations added to the Kubernetes resource.
description: Metadata applied to the resource.
description: Template for Secret of the Kafka Connect Cluster JMX authentication.
description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated."
description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated."
externalConfiguration:
type: object
properties:
@@ -2195,16 +1857,6 @@ spec:
valueFrom:
type: object
properties:
secretKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Reference to a key in a Secret.
configMapKeyRef:
type: object
properties:
@@ -2215,6 +1867,16 @@ spec:
optional:
type: boolean
description: Reference to a key in a ConfigMap.
secretKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Reference to a key in a Secret.
description: Value of the environment variable which will be passed to the Kafka Connect pods. It can be passed either as a reference to Secret or ConfigMap field. The field has to specify exactly one Secret or ConfigMap.
required:
- name
@@ -2225,6 +1887,27 @@ spec:
items:
type: object
properties:
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified.
name:
type: string
description: Name of the volume which will be added to the Kafka Connect pods.
@@ -2249,27 +1932,6 @@ spec:
secretName:
type: string
description: Reference to a key in a Secret. Exactly one Secret or ConfigMap has to be specified.
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified.
required:
- name
description: Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes.
@@ -2301,6 +1963,23 @@ spec:
- image
- type
description: Configures where should the newly built image be stored. Required.
resources:
type: object
properties:
claims:
type: array
items:
type: object
properties:
name:
type: string
limits:
x-kubernetes-preserve-unknown-fields: true
type: object
requests:
x-kubernetes-preserve-unknown-fields: true
type: object
description: CPU and memory resources to reserve for the build.
plugins:
type: array
items:
@@ -2356,37 +2035,36 @@ spec:
- name
- artifacts
description: List of connector plugins which should be added to the Kafka Connect. Required.
resources:
type: object
properties:
claims:
type: array
items:
type: object
properties:
name:
type: string
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
type: object
description: CPU and memory resources to reserve for the build.
required:
- output
- plugins
description: Configures how the Connect container image should be built. Optional.
metricsConfig:
type: object
properties:
type:
type: string
enum:
- jmxPrometheusExporter
description: Metrics type. Only 'jmxPrometheusExporter' supported currently.
valueFrom:
type: object
properties:
configMapKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Reference to the key in the ConfigMap containing the configuration.
description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. '
required:
- type
- valueFrom
description: Metrics configuration.
required:
- bootstrapServers
description: The specification of the Kafka Connect cluster.
@@ -2425,20 +2103,20 @@ spec:
items:
type: object
properties:
class:
type: string
description: The class of the connector plugin.
type:
type: string
description: The type of the connector plugin. The available types are `sink` and `source`.
version:
type: string
description: The version of the connector plugin.
class:
type: string
description: The class of the connector plugin.
description: The list of connector plugins available in this Kafka Connect deployment.
replicas:
type: integer
description: The current number of pods being used to provide this resource.
labelSelector:
type: string
description: Label selector for pods providing this resource.
replicas:
type: integer
description: The current number of pods being used to provide this resource.
description: The status of the Kafka Connect cluster.

75
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/043-Crd-kafkatopic.yaml
View File

@@ -58,9 +58,6 @@ spec:
spec:
type: object
properties:
topicName:
type: string
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
partitions:
type: integer
minimum: 1
@@ -74,6 +71,9 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
description: The topic configuration.
topicName:
type: string
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
description: The specification of the topic.
status:
type: object
@@ -108,25 +108,6 @@ spec:
topicId:
type: string
description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name."
replicasChange:
type: object
properties:
targetReplicas:
type: integer
description: The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing.
state:
type: string
enum:
- pending
- ongoing
description: "Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control."
message:
type: string
description: Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations.
sessionId:
type: string
description: The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations.
description: Replication factor change status.
description: The status of the topic.
- name: v1beta1
served: true
@@ -165,9 +146,6 @@ spec:
spec:
type: object
properties:
topicName:
type: string
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
partitions:
type: integer
minimum: 1
@@ -181,6 +159,9 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
description: The topic configuration.
topicName:
type: string
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
description: The specification of the topic.
status:
type: object
@@ -215,25 +196,6 @@ spec:
topicId:
type: string
description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name."
replicasChange:
type: object
properties:
targetReplicas:
type: integer
description: The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing.
state:
type: string
enum:
- pending
- ongoing
description: "Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control."
message:
type: string
description: Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations.
sessionId:
type: string
description: The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations.
description: Replication factor change status.
description: The status of the topic.
- name: v1alpha1
served: true
@@ -272,9 +234,6 @@ spec:
spec:
type: object
properties:
topicName:
type: string
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
partitions:
type: integer
minimum: 1
@@ -288,6 +247,9 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
description: The topic configuration.
topicName:
type: string
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
description: The specification of the topic.
status:
type: object
@@ -322,23 +284,4 @@ spec:
topicId:
type: string
description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name."
replicasChange:
type: object
properties:
targetReplicas:
type: integer
description: The target replicas value requested by the user. This may be different from .spec.replicas when a change is ongoing.
state:
type: string
enum:
- pending
- ongoing
description: "Current state of the replicas change operation. This can be `pending`, when the change has been requested, or `ongoing`, when the change has been successfully submitted to Cruise Control."
message:
type: string
description: Message for the user related to the replicas change request. This may contain transient error messages that would disappear on periodic reconciliations.
sessionId:
type: string
description: The session identifier for replicas change requests pertaining to this KafkaTopic resource. This is used by the Topic Operator to track the status of `ongoing` replicas change operations.
description: Replication factor change status.
description: The status of the topic.

234
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml
View File

@@ -99,38 +99,9 @@ spec:
items:
type: object
properties:
type:
type: string
enum:
- allow
- deny
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
resource:
type: object
properties:
name:
type: string
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
patternType:
type: string
enum:
- literal
- prefix
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
type:
type: string
enum:
- topic
- group
- cluster
- transactionalId
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
required:
- type
description: Indicates the resource for which given ACL rule applies.
host:
type: string
description: "The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host."
description: The host from which the action described in the ACL rule is allowed or denied.
operation:
type: string
enum:
@@ -162,7 +133,36 @@ spec:
- DescribeConfigs
- IdempotentWrite
- All
description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource."
description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
resource:
type: object
properties:
name:
type: string
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
patternType:
type: string
enum:
- literal
- prefix
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
type:
type: string
enum:
- topic
- group
- cluster
- transactionalId
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
required:
- type
description: Indicates the resource for which given ACL rule applies.
type:
type: string
enum:
- allow
- deny
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
required:
- resource
description: List of ACL rules which should be applied to this user.
@@ -178,22 +178,22 @@ spec:
quotas:
type: object
properties:
producerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
consumerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
requestPercentage:
type: integer
minimum: 0
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
controllerMutationRate:
type: number
minimum: 0
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
producerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
requestPercentage:
type: integer
minimum: 0
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas.
template:
type: object
@@ -330,38 +330,9 @@ spec:
items:
type: object
properties:
type:
type: string
enum:
- allow
- deny
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
resource:
type: object
properties:
name:
type: string
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
patternType:
type: string
enum:
- literal
- prefix
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
type:
type: string
enum:
- topic
- group
- cluster
- transactionalId
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
required:
- type
description: Indicates the resource for which given ACL rule applies.
host:
type: string
description: "The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host."
description: The host from which the action described in the ACL rule is allowed or denied.
operation:
type: string
enum:
@@ -393,7 +364,36 @@ spec:
- DescribeConfigs
- IdempotentWrite
- All
description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource."
description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
resource:
type: object
properties:
name:
type: string
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
patternType:
type: string
enum:
- literal
- prefix
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
type:
type: string
enum:
- topic
- group
- cluster
- transactionalId
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
required:
- type
description: Indicates the resource for which given ACL rule applies.
type:
type: string
enum:
- allow
- deny
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
required:
- resource
description: List of ACL rules which should be applied to this user.
@@ -409,22 +409,22 @@ spec:
quotas:
type: object
properties:
producerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
consumerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
requestPercentage:
type: integer
minimum: 0
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
controllerMutationRate:
type: number
minimum: 0
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
producerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
requestPercentage:
type: integer
minimum: 0
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas.
template:
type: object
@@ -561,38 +561,9 @@ spec:
items:
type: object
properties:
type:
type: string
enum:
- allow
- deny
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
resource:
type: object
properties:
name:
type: string
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
patternType:
type: string
enum:
- literal
- prefix
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
type:
type: string
enum:
- topic
- group
- cluster
- transactionalId
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
required:
- type
description: Indicates the resource for which given ACL rule applies.
host:
type: string
description: "The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host."
description: The host from which the action described in the ACL rule is allowed or denied.
operation:
type: string
enum:
@@ -624,7 +595,36 @@ spec:
- DescribeConfigs
- IdempotentWrite
- All
description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource."
description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
resource:
type: object
properties:
name:
type: string
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
patternType:
type: string
enum:
- literal
- prefix
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
type:
type: string
enum:
- topic
- group
- cluster
- transactionalId
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
required:
- type
description: Indicates the resource for which given ACL rule applies.
type:
type: string
enum:
- allow
- deny
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
required:
- resource
description: List of ACL rules which should be applied to this user.
@@ -640,22 +640,22 @@ spec:
quotas:
type: object
properties:
producerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
consumerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
requestPercentage:
type: integer
minimum: 0
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
controllerMutationRate:
type: number
minimum: 0
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
producerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
requestPercentage:
type: integer
minimum: 0
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas.
template:
type: object

375
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/045-Crd-kafkamirrormaker.yaml
View File

@@ -109,48 +109,26 @@ spec:
accessTokenIsJwt:
type: boolean
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
accessTokenLocation:
type: string
description: Path to the token file containing an access token to be used for authentication.
audience:
type: string
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
certificateAndKey:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the Secret.
key:
type: string
description: The name of the private key in the Secret.
required:
- secretName
- certificate
- key
description: Reference to the `Secret` which holds the certificate and private key pair.
clientAssertion:
type: object
properties:
key:
type: string
description: The key under which the secret value is stored in the Kubernetes Secret.
secretName:
type: string
description: The name of the Kubernetes Secret containing the secret value.
description: The name of the Secret containing the certificate.
required:
- certificate
- key
- secretName
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
clientAssertionLocation:
type: string
description: Path to the file containing the client assertion to be used for authentication.
clientAssertionType:
type: string
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
description: Reference to the `Secret` which holds the certificate and private key pair.
clientId:
type: string
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
@@ -191,15 +169,15 @@ spec:
passwordSecret:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the password.
password:
type: string
description: The name of the key in the Secret under which the password is stored.
secretName:
type: string
description: The name of the Secret containing the password.
required:
- secretName
- password
- secretName
description: Reference to the `Secret` which holds the password.
readTimeoutSeconds:
type: integer
@@ -217,11 +195,6 @@ spec:
- key
- secretName
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
saslExtensions:
additionalProperties:
type: string
type: object
description: SASL extensions parameters.
scope:
type: string
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
@@ -230,25 +203,14 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection to the OAuth server.
tokenEndpointUri:
@@ -269,6 +231,10 @@ spec:
required:
- type
description: Authentication configuration for connecting to the cluster.
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "The MirrorMaker consumer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security., interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols)."
tls:
type: object
properties:
@@ -277,32 +243,17 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection.
description: TLS configuration for connecting MirrorMaker to the cluster.
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "The MirrorMaker consumer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security., interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols)."
required:
- bootstrapServers
- groupId
@@ -335,48 +286,26 @@ spec:
accessTokenIsJwt:
type: boolean
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
accessTokenLocation:
type: string
description: Path to the token file containing an access token to be used for authentication.
audience:
type: string
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
certificateAndKey:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the Secret.
key:
type: string
description: The name of the private key in the Secret.
required:
- secretName
- certificate
- key
description: Reference to the `Secret` which holds the certificate and private key pair.
clientAssertion:
type: object
properties:
key:
type: string
description: The key under which the secret value is stored in the Kubernetes Secret.
secretName:
type: string
description: The name of the Kubernetes Secret containing the secret value.
description: The name of the Secret containing the certificate.
required:
- certificate
- key
- secretName
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
clientAssertionLocation:
type: string
description: Path to the file containing the client assertion to be used for authentication.
clientAssertionType:
type: string
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
description: Reference to the `Secret` which holds the certificate and private key pair.
clientId:
type: string
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
@@ -417,15 +346,15 @@ spec:
passwordSecret:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the password.
password:
type: string
description: The name of the key in the Secret under which the password is stored.
secretName:
type: string
description: The name of the Secret containing the password.
required:
- secretName
- password
- secretName
description: Reference to the `Secret` which holds the password.
readTimeoutSeconds:
type: integer
@@ -443,11 +372,6 @@ spec:
- key
- secretName
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
saslExtensions:
additionalProperties:
type: string
type: object
description: SASL extensions parameters.
scope:
type: string
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
@@ -456,25 +380,14 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection to the OAuth server.
tokenEndpointUri:
@@ -507,25 +420,14 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection.
description: TLS configuration for connecting MirrorMaker to the cluster.
@@ -543,20 +445,10 @@ spec:
name:
type: string
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
description: CPU and memory resources to reserve.
whitelist:
@@ -573,14 +465,14 @@ spec:
type: string
type: object
description: A map of -XX options to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
"-Xms":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xms option to to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
gcLoggingEnabled:
type: boolean
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
@@ -721,13 +613,6 @@ spec:
securityContext:
type: object
properties:
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
fsGroup:
type: integer
fsGroupChangePolicy:
@@ -1130,6 +1015,31 @@ spec:
value:
type: string
description: The pod's tolerations.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
topologySpreadConstraints:
type: array
items:
@@ -1172,110 +1082,6 @@ spec:
whenUnsatisfiable:
type: string
description: The pod's topology spread constraints.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
volumes:
type: array
items:
type: object
properties:
name:
type: string
description: Name to use for the volume. Required.
secret:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
optional:
type: boolean
secretName:
type: string
description: Secret to use populate the volume.
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: ConfigMap to use to populate the volume.
emptyDir:
type: object
properties:
medium:
type: string
sizeLimit:
type: object
properties:
amount:
type: string
format:
type: string
description: EmptyDir to use to populate the volume.
persistentVolumeClaim:
type: object
properties:
claimName:
type: string
readOnly:
type: boolean
description: PersistentVolumeClaim object to use to populate the volume.
oneOf:
- properties:
secret: {}
configMap: {}
emptyDir: {}
persistentVolumeClaim: {}
required: []
description: Additional volumes that can be mounted to the pod.
description: Template for Kafka MirrorMaker `Pods`.
podDisruptionBudget:
type: object
@@ -1319,13 +1125,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -1379,26 +1178,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for Kafka MirrorMaker container.
serviceAccount:
type: object
@@ -1422,14 +1201,14 @@ spec:
livenessProbe:
type: object
properties:
failureThreshold:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
initialDelaySeconds:
type: integer
minimum: 0
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
timeoutSeconds:
type: integer
minimum: 1
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
periodSeconds:
type: integer
minimum: 1
@@ -1438,22 +1217,22 @@ spec:
type: integer
minimum: 1
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
failureThreshold:
timeoutSeconds:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
description: Pod liveness checking.
readinessProbe:
type: object
properties:
failureThreshold:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
initialDelaySeconds:
type: integer
minimum: 0
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
timeoutSeconds:
type: integer
minimum: 1
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
periodSeconds:
type: integer
minimum: 1
@@ -1462,10 +1241,10 @@ spec:
type: integer
minimum: 1
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
failureThreshold:
timeoutSeconds:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
description: Pod readiness checking.
oneOf:
- properties:

330
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/046-Crd-kafkabridge.yaml
View File

@@ -77,25 +77,14 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection.
description: TLS configuration for connecting Kafka Bridge to the cluster.
@@ -118,48 +107,26 @@ spec:
accessTokenIsJwt:
type: boolean
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
accessTokenLocation:
type: string
description: Path to the token file containing an access token to be used for authentication.
audience:
type: string
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
certificateAndKey:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the Secret.
key:
type: string
description: The name of the private key in the Secret.
required:
- secretName
- certificate
- key
description: Reference to the `Secret` which holds the certificate and private key pair.
clientAssertion:
type: object
properties:
key:
type: string
description: The key under which the secret value is stored in the Kubernetes Secret.
secretName:
type: string
description: The name of the Kubernetes Secret containing the secret value.
description: The name of the Secret containing the certificate.
required:
- certificate
- key
- secretName
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
clientAssertionLocation:
type: string
description: Path to the file containing the client assertion to be used for authentication.
clientAssertionType:
type: string
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
description: Reference to the `Secret` which holds the certificate and private key pair.
clientId:
type: string
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
@@ -200,15 +167,15 @@ spec:
passwordSecret:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the password.
password:
type: string
description: The name of the key in the Secret under which the password is stored.
secretName:
type: string
description: The name of the Secret containing the password.
required:
- secretName
- password
- secretName
description: Reference to the `Secret` which holds the password.
readTimeoutSeconds:
type: integer
@@ -226,11 +193,6 @@ spec:
- key
- secretName
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
saslExtensions:
additionalProperties:
type: string
type: object
description: SASL extensions parameters.
scope:
type: string
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
@@ -239,25 +201,14 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection to the OAuth server.
tokenEndpointUri:
@@ -314,12 +265,6 @@ spec:
consumer:
type: object
properties:
enabled:
type: boolean
description: Whether the HTTP consumer should be enabled or disabled. The default is enabled (`true`).
timeoutSeconds:
type: integer
description: "The timeout in seconds for deleting inactive consumers, default is -1 (disabled)."
config:
x-kubernetes-preserve-unknown-fields: true
type: object
@@ -328,9 +273,6 @@ spec:
producer:
type: object
properties:
enabled:
type: boolean
description: Whether the HTTP producer should be enabled or disabled. The default is enabled (`true`).
config:
x-kubernetes-preserve-unknown-fields: true
type: object
@@ -347,20 +289,10 @@ spec:
name:
type: string
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
description: CPU and memory resources to reserve.
jvmOptions:
@@ -371,14 +303,14 @@ spec:
type: string
type: object
description: A map of -XX options to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
"-Xms":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xms option to to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
gcLoggingEnabled:
type: boolean
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
@@ -445,14 +377,14 @@ spec:
livenessProbe:
type: object
properties:
failureThreshold:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
initialDelaySeconds:
type: integer
minimum: 0
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
timeoutSeconds:
type: integer
minimum: 1
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
periodSeconds:
type: integer
minimum: 1
@@ -461,22 +393,22 @@ spec:
type: integer
minimum: 1
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
failureThreshold:
timeoutSeconds:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
description: Pod liveness checking.
readinessProbe:
type: object
properties:
failureThreshold:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
initialDelaySeconds:
type: integer
minimum: 0
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
timeoutSeconds:
type: integer
minimum: 1
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
periodSeconds:
type: integer
minimum: 1
@@ -485,10 +417,10 @@ spec:
type: integer
minimum: 1
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
failureThreshold:
timeoutSeconds:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
description: Pod readiness checking.
template:
type: object
@@ -545,13 +477,6 @@ spec:
securityContext:
type: object
properties:
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
fsGroup:
type: integer
fsGroupChangePolicy:
@@ -954,6 +879,31 @@ spec:
value:
type: string
description: The pod's tolerations.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
topologySpreadConstraints:
type: array
items:
@@ -996,110 +946,6 @@ spec:
whenUnsatisfiable:
type: string
description: The pod's topology spread constraints.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
volumes:
type: array
items:
type: object
properties:
name:
type: string
description: Name to use for the volume. Required.
secret:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
optional:
type: boolean
secretName:
type: string
description: Secret to use populate the volume.
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: ConfigMap to use to populate the volume.
emptyDir:
type: object
properties:
medium:
type: string
sizeLimit:
type: object
properties:
amount:
type: string
format:
type: string
description: EmptyDir to use to populate the volume.
persistentVolumeClaim:
type: object
properties:
claimName:
type: string
readOnly:
type: boolean
description: PersistentVolumeClaim object to use to populate the volume.
oneOf:
- properties:
secret: {}
configMap: {}
emptyDir: {}
persistentVolumeClaim: {}
required: []
description: Additional volumes that can be mounted to the pod.
description: Template for Kafka Bridge `Pods`.
apiService:
type: object
@@ -1176,13 +1022,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -1236,26 +1075,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka Bridge container.
clusterRoleBinding:
type: object
@@ -1313,13 +1132,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -1373,26 +1185,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka Bridge init container.
description: Template for Kafka Bridge resources. The template allows users to specify how a `Deployment` and `Pod` is generated.
tracing:
@@ -1440,10 +1232,10 @@ spec:
url:
type: string
description: The URL at which external client applications can access the Kafka Bridge.
replicas:
type: integer
description: The current number of pods being used to provide this resource.
labelSelector:
type: string
description: Label selector for pods providing this resource.
replicas:
type: integer
description: The current number of pods being used to provide this resource.
description: The status of the Kafka Bridge.

2
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/047-Crd-kafkaconnector.yaml
View File

@@ -81,7 +81,7 @@ spec:
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max."
description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max."
pause:
type: boolean
description: Whether the connector should be paused. Defaults to false.

678
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/048-Crd-kafkamirrormaker2.yaml
View File

@@ -86,25 +86,14 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection.
description: TLS configuration for connecting MirrorMaker 2 connectors to a cluster.
@@ -127,48 +116,26 @@ spec:
accessTokenIsJwt:
type: boolean
description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
accessTokenLocation:
type: string
description: Path to the token file containing an access token to be used for authentication.
audience:
type: string
description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request."
certificateAndKey:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the Secret.
key:
type: string
description: The name of the private key in the Secret.
required:
- secretName
- certificate
- key
description: Reference to the `Secret` which holds the certificate and private key pair.
clientAssertion:
type: object
properties:
key:
type: string
description: The key under which the secret value is stored in the Kubernetes Secret.
secretName:
type: string
description: The name of the Kubernetes Secret containing the secret value.
description: The name of the Secret containing the certificate.
required:
- certificate
- key
- secretName
description: Link to Kubernetes secret containing the client assertion which was manually configured for the client.
clientAssertionLocation:
type: string
description: Path to the file containing the client assertion to be used for authentication.
clientAssertionType:
type: string
description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`."
description: Reference to the `Secret` which holds the certificate and private key pair.
clientId:
type: string
description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
@@ -209,15 +176,15 @@ spec:
passwordSecret:
type: object
properties:
secretName:
type: string
description: The name of the Secret containing the password.
password:
type: string
description: The name of the key in the Secret under which the password is stored.
secretName:
type: string
description: The name of the Secret containing the password.
required:
- secretName
- password
- secretName
description: Reference to the `Secret` which holds the password.
readTimeoutSeconds:
type: integer
@@ -235,11 +202,6 @@ spec:
- key
- secretName
description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
saslExtensions:
additionalProperties:
type: string
type: object
description: SASL extensions parameters.
scope:
type: string
description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
@@ -248,25 +210,14 @@ spec:
items:
type: object
properties:
certificate:
type: string
description: The name of the file certificate in the Secret.
secretName:
type: string
description: The name of the Secret containing the certificate.
certificate:
type: string
description: The name of the file certificate in the secret.
pattern:
type: string
description: "Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used."
oneOf:
- properties:
certificate: {}
required:
- certificate
- properties:
pattern: {}
required:
- pattern
required:
- certificate
- secretName
description: Trusted certificates for TLS connection to the OAuth server.
tokenEndpointUri:
@@ -313,20 +264,10 @@ spec:
type: integer
minimum: 1
description: The maximum number of tasks for the Kafka Connector.
pause:
type: boolean
description: Whether the connector should be paused. Defaults to false.
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max."
state:
type: string
enum:
- paused
- stopped
- running
description: The state the connector should be in. Defaults to running.
description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max."
autoRestart:
type: object
properties:
@@ -337,6 +278,16 @@ spec:
type: integer
description: "The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts."
description: Automatic restart of connector and tasks configuration.
pause:
type: boolean
description: Whether the connector should be paused. Defaults to false.
state:
type: string
enum:
- paused
- stopped
- running
description: The state the connector should be in. Defaults to running.
description: The specification of the Kafka MirrorMaker 2 source connector.
heartbeatConnector:
type: object
@@ -345,20 +296,10 @@ spec:
type: integer
minimum: 1
description: The maximum number of tasks for the Kafka Connector.
pause:
type: boolean
description: Whether the connector should be paused. Defaults to false.
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max."
state:
type: string
enum:
- paused
- stopped
- running
description: The state the connector should be in. Defaults to running.
description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max."
autoRestart:
type: object
properties:
@@ -369,6 +310,16 @@ spec:
type: integer
description: "The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts."
description: Automatic restart of connector and tasks configuration.
pause:
type: boolean
description: Whether the connector should be paused. Defaults to false.
state:
type: string
enum:
- paused
- stopped
- running
description: The state the connector should be in. Defaults to running.
description: The specification of the Kafka MirrorMaker 2 heartbeat connector.
checkpointConnector:
type: object
@@ -377,20 +328,10 @@ spec:
type: integer
minimum: 1
description: The maximum number of tasks for the Kafka Connector.
pause:
type: boolean
description: Whether the connector should be paused. Defaults to false.
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "The Kafka Connector configuration. The following properties cannot be set: name, connector.class, tasks.max."
state:
type: string
enum:
- paused
- stopped
- running
description: The state the connector should be in. Defaults to running.
description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max."
autoRestart:
type: object
properties:
@@ -401,6 +342,16 @@ spec:
type: integer
description: "The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts."
description: Automatic restart of connector and tasks configuration.
pause:
type: boolean
description: Whether the connector should be paused. Defaults to false.
state:
type: string
enum:
- paused
- stopped
- running
description: The state the connector should be in. Defaults to running.
description: The specification of the Kafka MirrorMaker 2 checkpoint connector.
topicsPattern:
type: string
@@ -435,33 +386,23 @@ spec:
name:
type: string
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
description: The maximum limits for CPU and memory resources and the requested initial resources.
livenessProbe:
type: object
properties:
failureThreshold:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
initialDelaySeconds:
type: integer
minimum: 0
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
timeoutSeconds:
type: integer
minimum: 1
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
periodSeconds:
type: integer
minimum: 1
@@ -470,22 +411,22 @@ spec:
type: integer
minimum: 1
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
failureThreshold:
timeoutSeconds:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
description: Pod liveness checking.
readinessProbe:
type: object
properties:
failureThreshold:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
initialDelaySeconds:
type: integer
minimum: 0
description: The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
timeoutSeconds:
type: integer
minimum: 1
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
periodSeconds:
type: integer
minimum: 1
@@ -494,10 +435,10 @@ spec:
type: integer
minimum: 1
description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
failureThreshold:
timeoutSeconds:
type: integer
minimum: 1
description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
description: Pod readiness checking.
jvmOptions:
type: object
@@ -507,14 +448,14 @@ spec:
type: string
type: object
description: A map of -XX options to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
"-Xms":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xms option to to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
gcLoggingEnabled:
type: boolean
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
@@ -590,32 +531,6 @@ spec:
required:
- topologyKey
description: Configuration of the node label which will be used as the `client.rack` consumer configuration.
metricsConfig:
type: object
properties:
type:
type: string
enum:
- jmxPrometheusExporter
description: Metrics type. Only 'jmxPrometheusExporter' supported currently.
valueFrom:
type: object
properties:
configMapKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Reference to the key in the ConfigMap containing the configuration.
description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. '
required:
- type
- valueFrom
description: Metrics configuration.
tracing:
type: object
properties:
@@ -701,13 +616,6 @@ spec:
securityContext:
type: object
properties:
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
fsGroup:
type: integer
fsGroupChangePolicy:
@@ -1110,6 +1018,31 @@ spec:
value:
type: string
description: The pod's tolerations.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
topologySpreadConstraints:
type: array
items:
@@ -1152,110 +1085,6 @@ spec:
whenUnsatisfiable:
type: string
description: The pod's topology spread constraints.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
volumes:
type: array
items:
type: object
properties:
name:
type: string
description: Name to use for the volume. Required.
secret:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
optional:
type: boolean
secretName:
type: string
description: Secret to use populate the volume.
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: ConfigMap to use to populate the volume.
emptyDir:
type: object
properties:
medium:
type: string
sizeLimit:
type: object
properties:
amount:
type: string
format:
type: string
description: EmptyDir to use to populate the volume.
persistentVolumeClaim:
type: object
properties:
claimName:
type: string
readOnly:
type: boolean
description: PersistentVolumeClaim object to use to populate the volume.
oneOf:
- properties:
secret: {}
configMap: {}
emptyDir: {}
persistentVolumeClaim: {}
required: []
description: Additional volumes that can be mounted to the pod.
description: Template for Kafka Connect `Pods`.
apiService:
type: object
@@ -1343,13 +1172,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -1403,26 +1225,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka Connect container.
initContainer:
type: object
@@ -1444,13 +1246,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -1504,26 +1299,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka init container.
podDisruptionBudget:
type: object
@@ -1611,13 +1386,6 @@ spec:
securityContext:
type: object
properties:
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
fsGroup:
type: integer
fsGroupChangePolicy:
@@ -2020,6 +1788,31 @@ spec:
value:
type: string
description: The pod's tolerations.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
topologySpreadConstraints:
type: array
items:
@@ -2062,110 +1855,6 @@ spec:
whenUnsatisfiable:
type: string
description: The pod's topology spread constraints.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
volumes:
type: array
items:
type: object
properties:
name:
type: string
description: Name to use for the volume. Required.
secret:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
optional:
type: boolean
secretName:
type: string
description: Secret to use populate the volume.
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: ConfigMap to use to populate the volume.
emptyDir:
type: object
properties:
medium:
type: string
sizeLimit:
type: object
properties:
amount:
type: string
format:
type: string
description: EmptyDir to use to populate the volume.
persistentVolumeClaim:
type: object
properties:
claimName:
type: string
readOnly:
type: boolean
description: PersistentVolumeClaim object to use to populate the volume.
oneOf:
- properties:
secret: {}
configMap: {}
emptyDir: {}
persistentVolumeClaim: {}
required: []
description: Additional volumes that can be mounted to the pod.
description: Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes.
buildContainer:
type: object
@@ -2187,13 +1876,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -2247,26 +1929,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka Connect Build container. The build container is used only on Kubernetes.
buildConfig:
type: object
@@ -2325,7 +1987,7 @@ spec:
description: Annotations added to the Kubernetes resource.
description: Metadata applied to the resource.
description: Template for Secret of the Kafka Connect Cluster JMX authentication.
description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated."
description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated."
externalConfiguration:
type: object
properties:
@@ -2340,16 +2002,6 @@ spec:
valueFrom:
type: object
properties:
secretKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Reference to a key in a Secret.
configMapKeyRef:
type: object
properties:
@@ -2360,6 +2012,16 @@ spec:
optional:
type: boolean
description: Reference to a key in a ConfigMap.
secretKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Reference to a key in a Secret.
description: Value of the environment variable which will be passed to the Kafka Connect pods. It can be passed either as a reference to Secret or ConfigMap field. The field has to specify exactly one Secret or ConfigMap.
required:
- name
@@ -2370,6 +2032,27 @@ spec:
items:
type: object
properties:
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified.
name:
type: string
description: Name of the volume which will be added to the Kafka Connect pods.
@@ -2394,31 +2077,36 @@ spec:
secretName:
type: string
description: Reference to a key in a Secret. Exactly one Secret or ConfigMap has to be specified.
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified.
required:
- name
description: Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes.
description: Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors.
metricsConfig:
type: object
properties:
type:
type: string
enum:
- jmxPrometheusExporter
description: Metrics type. Only 'jmxPrometheusExporter' supported currently.
valueFrom:
type: object
properties:
configMapKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Reference to the key in the ConfigMap containing the configuration.
description: 'ConfigMap entry where the Prometheus JMX Exporter configuration is stored. '
required:
- type
- valueFrom
description: Metrics configuration.
required:
- connectCluster
description: The specification of the Kafka MirrorMaker 2 cluster.
@@ -2452,12 +2140,6 @@ spec:
url:
type: string
description: The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors.
connectors:
type: array
items:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "List of MirrorMaker 2 connector statuses, as reported by the Kafka Connect REST API."
autoRestartStatuses:
type: array
items:
@@ -2478,16 +2160,22 @@ spec:
items:
type: object
properties:
class:
type: string
description: The class of the connector plugin.
type:
type: string
description: The type of the connector plugin. The available types are `sink` and `source`.
version:
type: string
description: The version of the connector plugin.
class:
type: string
description: The class of the connector plugin.
description: The list of connector plugins available in this Kafka Connect deployment.
connectors:
type: array
items:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "List of MirrorMaker 2 connector statuses, as reported by the Kafka Connect REST API."
labelSelector:
type: string
description: Label selector for pods providing this resource.

4
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/049-Crd-kafkarebalance.yaml
View File

@@ -51,10 +51,6 @@ spec:
description: There is an error on the custom resource
jsonPath: ".status.conditions[?(@.type==\"NotReady\")].status"
type: string
- name: Stopped
description: Processing the proposal or running rebalancing was stopped
jsonPath: ".status.conditions[?(@.type==\"Stopped\")].status"
type: string
schema:
openAPIV3Schema:
type: object

236
packages/system/kafka-operator/charts/strimzi-kafka-operator/crds/04A-Crd-kafkanodepool.yaml
View File

@@ -34,14 +34,6 @@ spec:
description: The desired number of replicas
jsonPath: .spec.replicas
type: integer
- name: Roles
description: Roles of the nodes in the pool
jsonPath: .status.roles
type: string
- name: NodeIds
description: Node IDs used by Kafka nodes in this pool
jsonPath: .status.nodeIds
type: string
schema:
openAPIV3Schema:
type: object
@@ -74,11 +66,6 @@ spec:
type: integer
minimum: 0
description: Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'.
kraftMetadata:
type: string
enum:
- shared
description: "Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set."
overrides:
type: array
items:
@@ -90,7 +77,7 @@ spec:
broker:
type: integer
description: Id of the kafka broker (broker identifier).
description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers.
description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers.
selector:
additionalProperties:
type: string
@@ -124,12 +111,7 @@ spec:
id:
type: integer
minimum: 0
description: Storage identification number. Mandatory for storage volumes defined with a `jbod` storage type configuration.
kraftMetadata:
type: string
enum:
- shared
description: "Specifies whether this volume should be used for storing KRaft metadata. This property is optional. When set, the only currently supported value is `shared`. At most one volume can have this property set."
description: Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'.
overrides:
type: array
items:
@@ -141,7 +123,7 @@ spec:
broker:
type: integer
description: Id of the kafka broker (broker identifier).
description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers.
description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers.
selector:
additionalProperties:
type: string
@@ -185,20 +167,10 @@ spec:
name:
type: string
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$"
x-kubernetes-int-or-string: true
x-kubernetes-preserve-unknown-fields: true
type: object
description: CPU and memory resources to reserve.
jvmOptions:
@@ -209,14 +181,14 @@ spec:
type: string
type: object
description: A map of -XX options to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
"-Xms":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xms option to to the JVM.
"-Xmx":
type: string
pattern: "^[0-9]+[mMgG]?$"
description: -Xmx option to to the JVM.
gcLoggingEnabled:
type: boolean
description: Specifies whether the Garbage Collection logging is enabled. The default is false.
@@ -282,13 +254,6 @@ spec:
securityContext:
type: object
properties:
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
fsGroup:
type: integer
fsGroupChangePolicy:
@@ -691,6 +656,31 @@ spec:
value:
type: string
description: The pod's tolerations.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
topologySpreadConstraints:
type: array
items:
@@ -733,110 +723,6 @@ spec:
whenUnsatisfiable:
type: string
description: The pod's topology spread constraints.
priorityClassName:
type: string
description: 'The name of the priority class used to assign priority to the pods. '
schedulerName:
type: string
description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used."
hostAliases:
type: array
items:
type: object
properties:
hostnames:
type: array
items:
type: string
ip:
type: string
description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
enableServiceLinks:
type: boolean
description: Indicates whether information about services should be injected into Pod's environment variables.
tmpDirSizeLimit:
type: string
pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources."
volumes:
type: array
items:
type: object
properties:
name:
type: string
description: Name to use for the volume. Required.
secret:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
optional:
type: boolean
secretName:
type: string
description: Secret to use populate the volume.
configMap:
type: object
properties:
defaultMode:
type: integer
items:
type: array
items:
type: object
properties:
key:
type: string
mode:
type: integer
path:
type: string
name:
type: string
optional:
type: boolean
description: ConfigMap to use to populate the volume.
emptyDir:
type: object
properties:
medium:
type: string
sizeLimit:
type: object
properties:
amount:
type: string
format:
type: string
description: EmptyDir to use to populate the volume.
persistentVolumeClaim:
type: object
properties:
claimName:
type: string
readOnly:
type: boolean
description: PersistentVolumeClaim object to use to populate the volume.
oneOf:
- properties:
secret: {}
configMap: {}
emptyDir: {}
persistentVolumeClaim: {}
required: []
description: Additional volumes that can be mounted to the pod.
description: Template for Kafka `Pods`.
perPodService:
type: object
@@ -930,13 +816,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -990,26 +869,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka broker container.
initContainer:
type: object
@@ -1031,13 +890,6 @@ spec:
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
type: object
properties:
localhostProfile:
type: string
type:
type: string
capabilities:
type: object
properties:
@@ -1091,26 +943,6 @@ spec:
runAsUserName:
type: string
description: Security context for the container.
volumeMounts:
type: array
items:
type: object
properties:
mountPath:
type: string
mountPropagation:
type: string
name:
type: string
readOnly:
type: boolean
recursiveReadOnly:
type: string
subPath:
type: string
subPathExpr:
type: string
description: Additional volume mounts which should be applied to the container.
description: Template for the Kafka init container.
description: Template for pool resources. The template allows users to specify how the resources belonging to this pool are generated.
required:

2796
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-cruise-control.json
View File

File diff suppressed because it is too large Load Diff

4786
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka-bridge.json
View File

File diff suppressed because it is too large Load Diff

1654
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka-connect.json
View File

File diff suppressed because it is too large Load Diff

1589
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka-exporter.json
View File

File diff suppressed because it is too large Load Diff

2193
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka-mirror-maker-2.json
View File

File diff suppressed because it is too large Load Diff

908
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka-oauth.json
View File

File diff suppressed because it is too large Load Diff

4021
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka.json
View File

File diff suppressed because it is too large Load Diff

2834
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kraft.json
View File

File diff suppressed because it is too large Load Diff

2450
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-operators.json
View File

File diff suppressed because it is too large Load Diff

1856
packages/system/kafka-operator/charts/strimzi-kafka-operator/files/grafana-dashboards/strimzi-zookeeper.json
View File

File diff suppressed because it is too large Load Diff

3
packages/system/kafka-operator/charts/strimzi-kafka-operator/templates/020-ClusterRole-strimzi-cluster-operator-role.yaml
View File

@@ -91,9 +91,10 @@ rules:
- patch
- update
- apiGroups:
- "" # legacy core events api, used by topic operator
- "events.k8s.io" # new events api, used by cluster operator
resources:
# The cluster operator needs to be able to create events
# The cluster operator needs to be able to create events and delegate permissions to do so
- events
verbs:
- create

Some files were not shown because too many files have changed in this diff Show More