diff --git a/base/cert-manager/helmrelease.yaml b/base/cert-manager/helmrelease.yaml
index cf763188aec794bf0319f746ba5c03a74e495356..df6c1ec88c74d59c9c879e88d01ff89161fcd261 100644
--- a/base/cert-manager/helmrelease.yaml
+++ b/base/cert-manager/helmrelease.yaml
@@ -1,34 +1,30 @@
----
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
 name: cert-manager
 namespace: cert-manager
 spec:
- interval: 2m
-
 chart:
 spec:
 chart: cert-manager
- version: v1.0.3
+ interval: 5m
 sourceRef:
- kind: HelmRepository
 name: jetstack
 namespace: flux-system
- interval: 5m
-
- valuesFrom:
- - kind: ConfigMap
- name: env-values
- optional: true
- - kind: Secret
- name: env-values
- optional: true
-
+ kind: HelmRepository
+ version: v1.0.3
+ interval: 2m
 values:
 installCRDs: true
 prometheus:
 servicemonitor:
- enabled: false
 labels:
 release: monitoring
+ enabled: false
+ valuesFrom:
+ - name: env-values
+ kind: ConfigMap
+ optional: true
+ - name: env-values
+ kind: Secret
+ optional: true
diff --git a/base/cert-manager/kustomization.yaml b/base/cert-manager/kustomization.yaml
index 546c618ad939bfe128be67a9c74cadfee52a8420..daf7b9b7ba001ea887c54c8bb2d13a7a3602d33c 100644
--- a/base/cert-manager/kustomization.yaml
+++ b/base/cert-manager/kustomization.yaml
@@ -1,3 +1,3 @@
 resources:
- - namespace.yaml
- - helmrelease.yaml
\ No newline at end of file
+- namespace.yaml
+- helmrelease.yaml
diff --git a/base/cert-manager/namespace.yaml b/base/cert-manager/namespace.yaml
index 6bc19f4ccc14e7e55832f2bddc80bc224d6d4a87..c90416ff47760d86ee1006fe08ce40cc39ec6d77 100644
--- a/base/cert-manager/namespace.yaml
+++ b/base/cert-manager/namespace.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: Namespace
 metadata:
diff --git a/base/flux/chart-repositories/banzaicloud.yaml b/base/flux/chart-repositories/banzaicloud.yaml
index ed3d2cd4ddb578d0610d29e8b7502e820e663dc5..04e2cd2edf82bd53ab470f188a715ed34e2646c5 100644
--- a/base/flux/chart-repositories/banzaicloud.yaml
+++ b/base/flux/chart-repositories/banzaicloud.yaml
@@ -5,5 +5,5 @@ metadata:
 namespace: flux-system
 spec:
 interval: 24h
- url: https://kubernetes-charts.banzaicloud.com
 timeout: 3m
+ url: https://kubernetes-charts.banzaicloud.com
diff --git a/base/flux/chart-repositories/gitlab.yaml b/base/flux/chart-repositories/gitlab.yaml
index 080c6bdfd944f2bdc9578d40233aa308d20657f1..d87984ff787b112ea19f995e612e6d0aec5f1c64 100644
--- a/base/flux/chart-repositories/gitlab.yaml
+++ b/base/flux/chart-repositories/gitlab.yaml
@@ -5,5 +5,5 @@ metadata:
 namespace: flux-system
 spec:
 interval: 24h
- url: https://charts.gitlab.io/
 timeout: 3m
+ url: https://charts.gitlab.io/
diff --git a/base/flux/chart-repositories/grafana-loki.yaml b/base/flux/chart-repositories/grafana-loki.yaml
index bf9cb298862bec57b2c5d8f56dc85b1505fc1ccd..d6c6fa3907f39c6d3bb3705f2bfbdb8d154ff5da 100644
--- a/base/flux/chart-repositories/grafana-loki.yaml
+++ b/base/flux/chart-repositories/grafana-loki.yaml
@@ -5,5 +5,5 @@ metadata:
 namespace: flux-system
 spec:
 interval: 24h
- url: https://grafana.github.io/loki/charts
 timeout: 3m
+ url: https://grafana.github.io/loki/charts
diff --git a/base/flux/chart-repositories/jetstack.yaml b/base/flux/chart-repositories/jetstack.yaml
index 1847b45d7604fb22ebb02d529bf84ec3b0ccc940..fe3269293c6e951bdb0c891a835db9ad49cb7cea 100644
--- a/base/flux/chart-repositories/jetstack.yaml
+++ b/base/flux/chart-repositories/jetstack.yaml
@@ -5,5 +5,5 @@ metadata:
 namespace: flux-system
 spec:
 interval: 24h
- url: https://charts.jetstack.io/
 timeout: 3m
+ url: https://charts.jetstack.io/
diff --git a/base/flux/chart-repositories/kustomization.yaml b/base/flux/chart-repositories/kustomization.yaml
index f65b84983937bb3a6edb0dd2a67aa6292a63fa7f..1c9f7aff2ca3c24b1badb8eb26e8ff188fc4a496 100644
--- a/base/flux/chart-repositories/kustomization.yaml
+++ b/base/flux/chart-repositories/kustomization.yaml
@@ -1,8 +1,8 @@
 resources:
- - banzaicloud.yaml
- - gitlab.yaml
- - grafana-loki.yaml
- - jetstack.yaml
- - podinfo.yaml
- - prometheus-community.yaml
- - rancher-latest.yaml
\ No newline at end of file
+- banzaicloud.yaml
+- gitlab.yaml
+- grafana-loki.yaml
+- jetstack.yaml
+- podinfo.yaml
+- prometheus-community.yaml
+- rancher-latest.yaml
diff --git a/base/flux/chart-repositories/podinfo.yaml b/base/flux/chart-repositories/podinfo.yaml
index ae47775b1b6c8d91c40e644d584f977bd6b05d46..9d289ce751577380490ed54d8ec9ce6a580d79dc 100644
--- a/base/flux/chart-repositories/podinfo.yaml
+++ b/base/flux/chart-repositories/podinfo.yaml
@@ -5,5 +5,5 @@ metadata:
 namespace: flux-system
 spec:
 interval: 24h
- url: https://stefanprodan.github.io/podinfo
 timeout: 3m
+ url: https://stefanprodan.github.io/podinfo
diff --git a/base/flux/chart-repositories/prometheus-community.yaml b/base/flux/chart-repositories/prometheus-community.yaml
index 4df5c024927d577835248e746148581563c3db92..c21aa70676ca21ecb659e0e282d42d93b8b56c5d 100644
--- a/base/flux/chart-repositories/prometheus-community.yaml
+++ b/base/flux/chart-repositories/prometheus-community.yaml
@@ -5,5 +5,5 @@ metadata:
 namespace: flux-system
 spec:
 interval: 24h
- url: https://prometheus-community.github.io/helm-charts
 timeout: 3m
+ url: https://prometheus-community.github.io/helm-charts
diff --git a/base/flux/chart-repositories/rancher-latest.yaml b/base/flux/chart-repositories/rancher-latest.yaml
index 2c8be5caa511d5afc8e8a499073451e8202018ee..60f4917ebe0e6c0af58ba9f77e6156f275dcc6df 100644
--- a/base/flux/chart-repositories/rancher-latest.yaml
+++ b/base/flux/chart-repositories/rancher-latest.yaml
@@ -5,5 +5,5 @@ metadata:
 namespace: flux-system
 spec:
 interval: 24h
- url: https://releases.rancher.com/server-charts/latest
 timeout: 3m
+ url: https://releases.rancher.com/server-charts/latest
diff --git a/base/flux/kustomization.yaml b/base/flux/kustomization.yaml index 85f9b938619851b077d5cec8c6d6f20aeb30ff36..0b1387b8f104dc164dc926ce5a645ecb40599d46 100644 --- a/base/flux/kustomization.yaml +++ b/base/flux/kustomization.yaml @@ -1,3 +1,3 @@ resources: - - toolkit - - chart-repositories \ No newline at end of file +- toolkit +- chart-repositories diff --git a/base/flux/toolkit/all.yaml b/base/flux/toolkit/all.yaml index d18a6c339f5faebe6e73358c5f731a2f531eb5af..35f49e848d599786bdcd199e679941f3f09da73d 100644 --- a/base/flux/toolkit/all.yaml +++ b/base/flux/toolkit/all.yaml @@ -1,29 +1,28 @@ ---- # GitOps Toolkit revision latest # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace metadata: + name: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: flux-system --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: + name: allow-scraping + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: allow-scraping - namespace: flux-system spec: ingress: - - from: + - ports: + - protocol: TCP + port: 8080 + from: - namespaceSelector: {} - ports: - - port: 8080 - protocol: TCP podSelector: {} policyTypes: - Ingress @@ -31,11 +30,11 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: + name: allow-webhooks + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: allow-webhooks - namespace: flux-system spec: ingress: - from: @@ -49,11 +48,11 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: + name: deny-ingress + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: deny-ingress - namespace: flux-system spec: ingress: - from: 
@@ -65,47 +64,47 @@ spec: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + name: crd-controller-flux-system + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: crd-controller-flux-system - namespace: flux-system rules: -- apiGroups: - - source.toolkit.fluxcd.io - resources: +- resources: - '*' + apiGroups: + - source.toolkit.fluxcd.io verbs: - '*' -- apiGroups: - - kustomize.toolkit.fluxcd.io - resources: +- resources: - '*' + apiGroups: + - kustomize.toolkit.fluxcd.io verbs: - '*' -- apiGroups: - - helm.toolkit.fluxcd.io - resources: +- resources: - '*' + apiGroups: + - helm.toolkit.fluxcd.io verbs: - '*' -- apiGroups: - - notification.toolkit.fluxcd.io - resources: +- resources: - '*' + apiGroups: + - notification.toolkit.fluxcd.io verbs: - '*' -- apiGroups: - - "" - resources: +- resources: - configmaps - configmaps/status + apiGroups: + - "" verbs: - '*' -- apiGroups: - - "" - resources: +- resources: - events + apiGroups: + - "" verbs: - create - patch 
@@ -113,46 +112,46 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + name: crd-controller-flux-system + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: crd-controller-flux-system - namespace: flux-system roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role name: crd-controller-flux-system + kind: Role + apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: default +- name: default namespace: flux-system + kind: ServiceAccount --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + name: cluster-reconciler-flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: cluster-reconciler-flux-system roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole name: cluster-admin + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: default +- name: default namespace: flux-system + kind: ServiceAccount --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + name: buckets.source.toolkit.fluxcd.io labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: buckets.source.toolkit.fluxcd.io + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null spec: group: source.toolkit.fluxcd.io names: 
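Review bot: The ClusterRoleBinding `cluster-reconciler-flux-system` in this hunk still grants `cluster-admin` to the `default` ServiceAccount of `flux-system`, so any pod in that namespace that does not set its own `serviceAccountName` runs with cluster-wide admin rights. The key reordering leaves this unchanged; while the file is being touched, consider binding a dedicated account instead, e.g. `- name: <reconciler-service-account>` (placeholder) under `subjects`, and setting `automountServiceAccountToken: false` on `default`. The RoleBinding `crd-controller-flux-system` earlier in the hunk uses the same `default` subject. The manifest appears to be generated toolkit install output, so the change is probably better carried as a Kustomize patch than edited in place.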
@@ -162,135 +161,155 @@ spec: singular: bucket scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL + - name: v1beta1 + additionalPrinterColumns: + - name: URL type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready + jsonPath: .spec.url + - name: Ready type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status + jsonPath: .status.conditions[?(@.type=="Ready")].status + - name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age + jsonPath: .status.conditions[?(@.type=="Ready")].message + - name: Age type: date - name: v1beta1 + jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: + type: object description: Bucket is the Schema for the buckets API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: - description: BucketSpec defines the desired state of an S3 compatible bucket + type: object + description: BucketSpec defines the desired state of an S3 compatible + bucket properties: + secretRef: + type: object + description: The name of the secret containing authentication credentials + for the Bucket. + properties: + name: + type: string + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' bucketName: - description: The bucket name. type: string + description: The bucket name. endpoint: - description: The bucket endpoint address. type: string + description: The bucket endpoint address. ignore: - description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. type: string + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. type: boolean + description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. interval: - description: The interval at which to check for bucket updates. type: string + description: The interval at which to check for bucket updates. provider: + type: string description: The S3 compatible storage provider name, default ('generic'). enum: - generic - aws - type: string region: - description: The bucket region. type: string - secretRef: - description: The name of the secret containing authentication credentials for the Bucket. 
- properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object + description: The bucket region. timeout: - description: The timeout for download operations, defaults to 20s. type: string + description: The timeout for download operations, defaults to 20s. required: - bucketName - endpoint - interval - type: object status: + type: object description: BucketStatus defines the observed state of a bucket properties: artifact: - description: Artifact represents the output of the last successful Bucket sync. + type: object + description: Artifact represents the output of the last successful + Bucket sync. properties: + revision: + type: string + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. checksum: - description: Checksum is the SHA1 checksum of the artifact. type: string + description: Checksum is the SHA1 checksum of the artifact. lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time type: string + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. type: string + description: Path is the relative file path of this artifact. url: - description: URL is the HTTP address of this artifact. type: string + description: URL is the HTTP address of this artifact. 
required: - path - url - type: object conditions: + type: array description: Conditions holds the conditions for the Bucket. items: - description: Condition contains condition information of a toolkit resource. + type: object + description: Condition contains condition information of a toolkit + resource. properties: + type: + type: string + description: Type of the condition. + status: + type: string + description: Status of the condition, one of ('True', 'False', + 'Unknown'). lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time type: string + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. type: string + description: Message is a human readable description of the + details of the last transition, complementing reason. reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. type: string + description: Reason is a brief machine readable explanation + for the condition's last transition. required: - status - type - type: object - type: array observedGeneration: + type: integer description: ObservedGeneration is the last observed generation. format: int64 - type: integer url: - description: URL is the download link for the artifact output of the last Bucket sync. type: string - type: object - type: object + description: URL is the download link for the artifact output of the + last Bucket sync. served: true storage: true subresources: 
@@ -305,13 +324,13 @@ status: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + name: gitrepositories.source.toolkit.fluxcd.io labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: gitrepositories.source.toolkit.fluxcd.io + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null spec: group: source.toolkit.fluxcd.io names: 
@@ -321,154 +340,183 @@ spec: singular: gitrepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL + - name: v1beta1 + additionalPrinterColumns: + - name: URL type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready + jsonPath: .spec.url + - name: Ready type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status + jsonPath: .status.conditions[?(@.type=="Ready")].status + - name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age + jsonPath: .status.conditions[?(@.type=="Ready")].message + - name: Age type: date - name: v1beta1 + jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: + type: object description: GitRepository is the Schema for the gitrepositories API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: + type: object description: GitRepositorySpec defines the desired state of a Git repository. properties: + secretRef: + type: object + description: The secret name containing the Git credentials. For HTTPS + repositories the secret must contain username and password fields. + For SSH repositories the secret must contain identity, identity.pub + and known_hosts fields. + properties: + name: + type: string + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' ignore: - description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. type: string + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. interval: - description: The interval at which to check for repository updates. type: string + description: The interval at which to check for repository updates. ref: - description: The Git reference to checkout and monitor for changes, defaults to master branch. + type: object + description: The Git reference to checkout and monitor for changes, + defaults to master branch. properties: branch: - description: The Git branch to checkout, defaults to master. type: string + description: The Git branch to checkout, defaults to master. commit: - description: The Git commit SHA to checkout, if specified Tag filters will be ignored. type: string + description: The Git commit SHA to checkout, if specified Tag + filters will be ignored. 
semver: - description: The Git tag semver expression, takes precedence over Tag. type: string + description: The Git tag semver expression, takes precedence over + Tag. tag: - description: The Git tag to checkout, takes precedence over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: object + description: The Git tag to checkout, takes precedence over Branch. timeout: - description: The timeout for remote Git operations like cloning, defaults to 20s. type: string + description: The timeout for remote Git operations like cloning, defaults + to 20s. url: + type: string description: The repository URL, can be a HTTP/S or SSH address. pattern: ^(http|https|ssh):// - type: string verify: - description: Verify OpenPGP signature for the Git commit HEAD points to. + type: object + description: Verify OpenPGP signature for the Git commit HEAD points + to. properties: - mode: - description: Mode describes what git object should be verified, currently ('head'). - enum: - - head - type: string secretRef: - description: The secret name containing the public keys of all trusted Git authors. + type: object + description: The secret name containing the public keys of all + trusted Git authors. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: object + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + mode: + type: string + description: Mode describes what git object should be verified, + currently ('head'). + enum: + - head required: - mode - type: object required: - interval - url - type: object status: + type: object description: GitRepositoryStatus defines the observed state of a Git repository. properties: artifact: - description: Artifact represents the output of the last successful repository sync. + type: object + description: Artifact represents the output of the last successful + repository sync. properties: + revision: + type: string + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. checksum: - description: Checksum is the SHA1 checksum of the artifact. type: string + description: Checksum is the SHA1 checksum of the artifact. lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time type: string + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. type: string + description: Path is the relative file path of this artifact. url: - description: URL is the HTTP address of this artifact. type: string + description: URL is the HTTP address of this artifact. required: - path - url - type: object conditions: + type: array description: Conditions holds the conditions for the GitRepository. 
items: - description: Condition contains condition information of a toolkit resource. + type: object + description: Condition contains condition information of a toolkit + resource. properties: + type: + type: string + description: Type of the condition. + status: + type: string + description: Status of the condition, one of ('True', 'False', + 'Unknown'). lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time type: string + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. type: string + description: Message is a human readable description of the + details of the last transition, complementing reason. reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. type: string + description: Reason is a brief machine readable explanation + for the condition's last transition. required: - status - type - type: object - type: array observedGeneration: + type: integer description: ObservedGeneration is the last observed generation. format: int64 - type: integer url: - description: URL is the download link for the artifact output of the last repository sync. type: string - type: object - type: object + description: URL is the download link for the artifact output of the + last repository sync. served: true storage: true subresources: 
@@ -483,13 +531,13 @@ status: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + name: helmcharts.source.toolkit.fluxcd.io labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: helmcharts.source.toolkit.fluxcd.io + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null spec: group: source.toolkit.fluxcd.io names: 
@@ -499,142 +547,159 @@ spec: singular: helmchart scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart + - name: v1beta1 + additionalPrinterColumns: + - name: Chart type: string - - jsonPath: .spec.version - name: Version + jsonPath: .spec.chart + - name: Version type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind + jsonPath: .spec.version + - name: Source Kind type: string - - jsonPath: .spec.sourceRef.name - name: Source Name + jsonPath: .spec.sourceRef.kind + - name: Source Name type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready + jsonPath: .spec.sourceRef.name + - name: Ready type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status + jsonPath: .status.conditions[?(@.type=="Ready")].status + - name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age + jsonPath: .status.conditions[?(@.type=="Ready")].message + - name: Age type: date - name: v1beta1 + jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: + type: object description: HelmChart is the Schema for the helmcharts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: + type: object description: HelmChartSpec defines the desired state of a Helm chart. properties: chart: - description: The name or path the Helm chart is available at in the SourceRef. type: string + description: The name or path the Helm chart is available at in the + SourceRef. interval: - description: The interval at which to check the Source for updates. type: string + description: The interval at which to check the Source for updates. sourceRef: + type: object description: The reference to the Source the chart is available at. properties: + name: + type: string + description: Name of the referent. apiVersion: - description: APIVersion of the referent. type: string + description: APIVersion of the referent. kind: - description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket'). + type: string + description: Kind of the referent, valid values are ('HelmRepository', + 'GitRepository', 'Bucket'). enum: - HelmRepository - GitRepository - Bucket - type: string - name: - description: Name of the referent. - type: string required: - kind - name - type: object valuesFile: - description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted. type: string + description: Alternative values file to use as the default chart values, + expected to be a relative path in the SourceRef. Ignored when omitted. 
version: - description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted. type: string + description: The chart version semver expression, ignored for charts + from GitRepository and Bucket sources. Defaults to latest when omitted. required: - chart - interval - sourceRef - type: object status: + type: object description: HelmChartStatus defines the observed state of the HelmChart. properties: artifact: - description: Artifact represents the output of the last successful chart sync. + type: object + description: Artifact represents the output of the last successful + chart sync. properties: + revision: + type: string + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. checksum: - description: Checksum is the SHA1 checksum of the artifact. type: string + description: Checksum is the SHA1 checksum of the artifact. lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time type: string + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. type: string + description: Path is the relative file path of this artifact. url: - description: URL is the HTTP address of this artifact. type: string + description: URL is the HTTP address of this artifact. required: - path - url - type: object conditions: + type: array description: Conditions holds the conditions for the HelmChart. 
items: - description: Condition contains condition information of a toolkit resource. + type: object + description: Condition contains condition information of a toolkit + resource. properties: + type: + type: string + description: Type of the condition. + status: + type: string + description: Status of the condition, one of ('True', 'False', + 'Unknown'). lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time type: string + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. type: string + description: Message is a human readable description of the + details of the last transition, complementing reason. reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. type: string + description: Reason is a brief machine readable explanation + for the condition's last transition. required: - status - type - type: object - type: array observedGeneration: + type: integer description: ObservedGeneration is the last observed generation. format: int64 - type: integer url: - description: URL is the download link for the last chart pulled. type: string - type: object - type: object + description: URL is the download link for the last chart pulled. served: true storage: true subresources: 
@@ -649,13 +714,13 @@ status: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + name: helmrepositories.source.toolkit.fluxcd.io labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: helmrepositories.source.toolkit.fluxcd.io + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null spec: group: source.toolkit.fluxcd.io names: 
@@ -665,116 +730,134 @@ spec: singular: helmrepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL + - name: v1beta1 + additionalPrinterColumns: + - name: URL type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready + jsonPath: .spec.url + - name: Ready type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status + jsonPath: .status.conditions[?(@.type=="Ready")].status + - name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age + jsonPath: .status.conditions[?(@.type=="Ready")].message + - name: Age type: date - name: v1beta1 + jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: + type: object description: HelmRepository is the Schema for the helmrepositories API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: + type: object description: HelmRepositorySpec defines the reference to a Helm repository. properties: - interval: - description: The interval at which to check the upstream for updates. - type: string secretRef: - description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caCert fields. + type: object + description: The name of the secret containing authentication credentials + for the Helm repository. For HTTP/S basic auth the secret must contain + username and password fields. For TLS the secret must contain a + certFile and keyFile, and/or caCert fields. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: object + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + interval: + type: string + description: The interval at which to check the upstream for updates. timeout: - description: The timeout of index downloading, defaults to 60s. type: string + description: The timeout of index downloading, defaults to 60s. url: - description: The Helm repository URL, a valid URL contains at least a protocol and host. type: string + description: The Helm repository URL, a valid URL contains at least + a protocol and host. required: - interval - url - type: object status: + type: object description: HelmRepositoryStatus defines the observed state of the HelmRepository. 
properties: artifact: - description: Artifact represents the output of the last successful repository sync. + type: object + description: Artifact represents the output of the last successful + repository sync. properties: + revision: + type: string + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. checksum: - description: Checksum is the SHA1 checksum of the artifact. type: string + description: Checksum is the SHA1 checksum of the artifact. lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time type: string + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. type: string + description: Path is the relative file path of this artifact. url: - description: URL is the HTTP address of this artifact. type: string + description: URL is the HTTP address of this artifact. required: - path - url - type: object conditions: + type: array description: Conditions holds the conditions for the HelmRepository. items: - description: Condition contains condition information of a toolkit resource. + type: object + description: Condition contains condition information of a toolkit + resource. properties: + type: + type: string + description: Type of the condition. + status: + type: string + description: Status of the condition, one of ('True', 'False', + 'Unknown'). lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. 
- format: date-time type: string + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. type: string + description: Message is a human readable description of the + details of the last transition, complementing reason. reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. type: string + description: Reason is a brief machine readable explanation + for the condition's last transition. required: - status - type - type: object - type: array observedGeneration: + type: integer description: ObservedGeneration is the last observed generation. format: int64 - type: integer url: - description: URL is the download link for the last index fetched. type: string - type: object - type: object + description: URL is the download link for the last index fetched. served: true storage: true subresources: @@ -789,31 +872,31 @@ status: apiVersion: v1 kind: Service metadata: + name: source-controller + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest control-plane: controller - name: source-controller - namespace: flux-system spec: + type: ClusterIP + selector: + app: source-controller ports: - name: http - port: 80 protocol: TCP + port: 80 targetPort: http - selector: - app: source-controller - type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: + name: source-controller + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest control-plane: controller - name: source-controller - namespace: flux-system spec: replicas: 1 selector: 
@@ -821,41 +904,36 @@ spec: app: source-controller template: metadata: + labels: + app: source-controller annotations: prometheus.io/port: "8080" prometheus.io/scrape: "true" - labels: - app: source-controller spec: + terminationGracePeriodSeconds: 10 + nodeSelector: + kubernetes.io/arch: amd64 + kubernetes.io/os: linux containers: - - args: + - name: manager + image: ghcr.io/fluxcd/source-controller:v0.2.1 + args: - --events-addr=http://notification-controller/ - --watch-all-namespaces=true - --log-level=info - --log-json - --enable-leader-election - --storage-path=/data + ports: + - name: http + containerPort: 9090 + - name: http-prom + containerPort: 8080 env: - name: RUNTIME_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.2.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: / - port: http - name: manager - ports: - - containerPort: 9090 - name: http - - containerPort: 8080 - name: http-prom - readinessProbe: - httpGet: - path: / - port: http resources: limits: cpu: 1000m 
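Review bot: The `image: ghcr.io/fluxcd/source-controller:v0.2.1` line pins the controller by tag only, and with `imagePullPolicy: IfNotPresent` each node trusts whatever the registry served for that tag on its first pull. Since this controller fetches and stores the sources the rest of the cluster is built from, I would pin it by digest, `image: ghcr.io/fluxcd/source-controller:v0.2.1@sha256:<digest-of-the-reviewed-image>`, so a re-pushed tag cannot change what runs. The same applies to `ghcr.io/fluxcd/kustomize-controller:v0.2.0` in the `@@ -1159,41 +1281,36 @@` hunk. If this manifest is generated by the flux tooling (the file header is outside this part of the diff), put the pin in a kustomize `images:` override with a `digest:` rather than editing the file by hand. The container spec continues in the next hunk.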
@@ -863,34 +941,39 @@ spec: requests: cpu: 50m memory: 64Mi + volumeMounts: + - name: data + mountPath: /data + - name: tmp + mountPath: /tmp + livenessProbe: + httpGet: + port: http + path: / + readinessProbe: + httpGet: + port: http + path: / + imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - nodeSelector: - kubernetes.io/arch: amd64 - kubernetes.io/os: linux - terminationGracePeriodSeconds: 10 volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp + - name: data + emptyDir: {} + - name: tmp + emptyDir: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + name: kustomizations.kustomize.toolkit.fluxcd.io labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: kustomizations.kustomize.toolkit.fluxcd.io + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null spec: group: kustomize.toolkit.fluxcd.io names: 
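Review bot: The container `securityContext` carried through this hunk sets only `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`; nothing forces a non-root user or drops Linux capabilities, and no pod-level `securityContext` appears in the visible lines of the pod spec. I would add `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}` under it, so a compromised controller starts with as little kernel surface as possible. Before enabling `runAsNonRoot`, confirm that the image declares a numeric user, or set `runAsUser` explicitly, since the kubelet cannot verify a named user. The kustomize-controller container in the `@@ -1201,30 +1318,35 @@` hunk has the same two-field context and needs the same change. The container definition starts in the previous hunk.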
@@ -902,236 +985,275 @@ spec: singular: kustomization scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready + - name: v1beta1 + additionalPrinterColumns: + - name: Ready type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status + jsonPath: .status.conditions[?(@.type=="Ready")].status + - name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age + jsonPath: .status.conditions[?(@.type=="Ready")].message + - name: Age type: date - name: v1beta1 + jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: + type: object description: Kustomization is the Schema for the kustomizations API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: + type: object description: KustomizationSpec defines the desired state of a kustomization. properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the cluster. + serviceAccount: + type: object + description: The Kubernetes service account used for applying the + kustomization. properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops + name: type: string + description: Name is the name of the service account being referenced. + namespace: + type: string + description: Namespace is the namespace of the service account + being referenced. + required: + - name + - namespace + decryption: + type: object + description: Decrypt Kubernetes secrets before applying them on the + cluster. + properties: secretRef: - description: The secret name containing the private OpenPGP keys used for decryption. + type: object + description: The secret name containing the private OpenPGP keys + used for decryption. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: object + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + provider: + type: string + description: Provider is the name of the decryption engine. + enum: + - sops required: - provider - type: object dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled. 
+ type: array + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference + slice with references to Kustomization resources that must be ready + before this Kustomization can be reconciled. items: - description: CrossNamespaceDependencyReference holds the reference to a dependency. + type: object + description: CrossNamespaceDependencyReference holds the reference + to a dependency. properties: name: - description: Name holds the name reference of a dependency. type: string + description: Name holds the name reference of a dependency. namespace: - description: Namespace holds the namespace reference of a dependency. type: string + description: Namespace holds the namespace reference of a dependency. required: - name - type: object - type: array healthChecks: + type: array description: A list of resources to be included in the health assessment. items: - description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level + type: object + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level properties: - apiVersion: - description: API version of the referent, defaults to 'apps/v1' - type: string - kind: - description: Kind of the referent - type: string name: - description: Name of the referent type: string + description: Name of the referent namespace: + type: string description: Namespace of the referent + apiVersion: + type: string + description: API version of the referent, defaults to 'apps/v1' + kind: type: string + description: Kind of the referent required: - kind - name - type: object - type: array interval: - description: The interval at which to reconcile the kustomization. type: string + description: The interval at which to reconcile the kustomization. kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a remote cluster. 
+ type: object + description: The KubeConfig for reconciling the Kustomization on a + remote cluster. properties: secretRef: - description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the Kustomization. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the Kustomization. + type: object + description: SecretRef holds the name to a secret that contains + a 'value' key with the kubeconfig file as the value. It must + be in the same namespace as the Kustomization. It is recommended + that the kubeconfig is self-contained, and the secret is regularly + updated if credentials such as a cloud-access-token expire. + Cloud specific `cmd-path` auth helpers will not function without + adding binaries and credentials to the Pod that is responsible + for reconciling the Kustomization. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: object - type: object + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' path: + type: string description: Path to the directory containing the kustomization file. pattern: ^\./ - type: string prune: - description: Prune enables garbage collection. type: boolean - serviceAccount: - description: The Kubernetes service account used for applying the kustomization. + description: Prune enables garbage collection. + sourceRef: + type: object + description: Reference of the source where the kustomization file + is. 
properties: name: - description: Name is the name of the service account being referenced. type: string + description: Name of the referent namespace: - description: Namespace is the namespace of the service account being referenced. type: string - required: - - name - - namespace - type: object - sourceRef: - description: Reference of the source where the kustomization file is. - properties: + description: Namespace of the referent, defaults to the Kustomization + namespace apiVersion: - description: API version of the referent type: string + description: API version of the referent kind: + type: string description: Kind of the referent enum: - GitRepository - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the Kustomization namespace - type: string required: - kind - name - type: object suspend: - description: This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false. type: boolean + description: This flag tells the controller to suspend subsequent + kustomize executions, it does not apply to already started executions. + Defaults to false. targetNamespace: - description: TargetNamespace sets or overrides the namespace in the kustomization.yaml file. + type: string + description: TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. maxLength: 63 minLength: 1 - type: string timeout: - description: Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration. type: string + description: Timeout for validation, apply and health checking operations. + Defaults to 'Interval' duration. validation: - description: Validate the Kubernetes objects before applying them on the cluster. The validation strategy can be 'client' (local dry-run) or 'server' (APIServer dry-run). 
+ type: string + description: Validate the Kubernetes objects before applying them + on the cluster. The validation strategy can be 'client' (local dry-run) + or 'server' (APIServer dry-run). enum: - client - server - type: string required: - interval - path - prune - sourceRef - type: object status: + type: object description: KustomizationStatus defines the observed state of a kustomization. properties: conditions: + type: array items: - description: Condition contains condition information of a toolkit resource. + type: object + description: Condition contains condition information of a toolkit + resource. properties: + type: + type: string + description: Type of the condition. + status: + type: string + description: Status of the condition, one of ('True', 'False', + 'Unknown'). lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time type: string + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. type: string + description: Message is a human readable description of the + details of the last transition, complementing reason. reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. type: string + description: Reason is a brief machine readable explanation + for the condition's last transition. required: - status - type - type: object - type: array lastAppliedRevision: - description: The last successfully applied revision. The revision format for Git sources is <branch|tag>/<commit-sha>. type: string + description: The last successfully applied revision. 
The revision + format for Git sources is <branch|tag>/<commit-sha>. lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation attempt. type: string + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. type: string + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. observedGeneration: + type: integer description: ObservedGeneration is the last reconciled generation. format: int64 - type: integer snapshot: + type: object description: The last successfully applied revision metadata. properties: checksum: - description: The manifests sha1 checksum. type: string + description: The manifests sha1 checksum. entries: + type: array description: A list of Kubernetes kinds grouped by namespace. items: - description: Snapshot holds the metadata of namespaced Kubernetes objects + type: object + description: Snapshot holds the metadata of namespaced Kubernetes + objects properties: + namespace: + type: string + description: The namespace of this entry. kinds: + type: object additionalProperties: type: string description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. - type: string required: - kinds - type: object - type: array required: - checksum - entries - type: object - type: object - type: object served: true storage: true subresources: @@ -1146,12 +1268,12 @@ status: apiVersion: apps/v1 kind: Deployment metadata: + name: kustomize-controller + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest control-plane: controller - name: kustomize-controller - namespace: flux-system spec: replicas: 1 selector: 
@@ -1159,41 +1281,36 @@ spec: app: kustomize-controller template: metadata: + labels: + app: kustomize-controller annotations: prometheus.io/port: "8080" prometheus.io/scrape: "true" - labels: - app: kustomize-controller spec: + terminationGracePeriodSeconds: 10 + nodeSelector: + kubernetes.io/arch: amd64 + kubernetes.io/os: linux containers: - - args: + - name: manager + image: ghcr.io/fluxcd/kustomize-controller:v0.2.0 + args: - --events-addr=http://notification-controller/ - --watch-all-namespaces=true - --log-level=info - --log-json - --enable-leader-election + ports: + - name: http-prom + containerPort: 8080 + - name: healthz + protocol: TCP + containerPort: 9440 env: - name: RUNTIME_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.2.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz resources: limits: cpu: 1000m 
@@ -1201,30 +1318,35 @@ spec: requests: cpu: 100m memory: 64Mi + volumeMounts: + - name: temp + mountPath: /tmp + livenessProbe: + httpGet: + port: healthz + path: /healthz + readinessProbe: + httpGet: + port: healthz + path: /readyz + imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/arch: amd64 - kubernetes.io/os: linux - terminationGracePeriodSeconds: 10 volumes: - - emptyDir: {} - name: temp + - name: temp + emptyDir: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + name: helmreleases.helm.toolkit.fluxcd.io labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: helmreleases.helm.toolkit.fluxcd.io + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null spec: group: helm.toolkit.fluxcd.io names: 
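Review bot: The container `securityContext` sets only `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`; nothing drops Linux capabilities or requires a non-root user. Adding `capabilities:` with `drop: ["ALL"]` under `securityContext` is the usual hardening for a controller that only talks to the API server, presumably safe here but worth confirming against the image. `runAsNonRoot: true` is worth adding as well, after checking how the v0.2.0 image declares its user, since the kubelet can only enforce it against a numeric UID. The helm-controller `securityContext` in the `@@ -1652,30 +1893,31 @@` hunk carries the same two fields and would take the same change. The Deployment this belongs to starts before this hunk.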
@@ -1236,360 +1358,480 @@ spec: singular: helmrelease scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready + - name: v2beta1 + additionalPrinterColumns: + - name: Ready type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status + jsonPath: .status.conditions[?(@.type=="Ready")].status + - name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age + jsonPath: .status.conditions[?(@.type=="Ready")].message + - name: Age type: date - name: v2beta1 + jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: + type: object description: HelmRelease is the Schema for the helmreleases API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: + type: object description: HelmReleaseSpec defines the desired state of a Helm release. properties: chart: - description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease. + type: object + description: Chart defines the template of the v1beta1.HelmChart that + should be created for this HelmRelease. properties: spec: - description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease. + type: object + description: Spec holds the template for the v1beta1.HelmChartSpec + for this HelmRelease. properties: chart: - description: The name or path the Helm chart is available at in the SourceRef. type: string + description: The name or path the Helm chart is available + at in the SourceRef. interval: - description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'. type: string + description: Interval at which to check the v1beta1.Source + for updates. Defaults to 'HelmReleaseSpec.Interval'. sourceRef: - description: The name and namespace of the v1beta1.Source the chart is available at. + type: object + description: The name and namespace of the v1beta1.Source + the chart is available at. properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string name: + type: string description: Name of the referent. maxLength: 253 minLength: 1 - type: string namespace: + type: string description: Namespace of the referent. maxLength: 63 minLength: 1 + apiVersion: type: string + description: APIVersion of the referent. + kind: + type: string + description: Kind of the referent. 
+ enum: + - HelmRepository + - GitRepository + - Bucket required: - name - type: object valuesFile: - description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted. type: string + description: Alternative values file to use as the default + chart values, expected to be a relative path in the SourceRef. + Ignored when omitted. version: - description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted. type: string + description: Version semver expression, ignored for charts + from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults + to latest when omitted. required: - chart - sourceRef - type: object required: - spec - type: object dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled. + type: array + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference + slice with references to HelmRelease resources that must be ready + before this HelmRelease can be reconciled. items: - description: CrossNamespaceDependencyReference holds the reference to a dependency. + type: object + description: CrossNamespaceDependencyReference holds the reference + to a dependency. properties: name: - description: Name holds the name reference of a dependency. type: string + description: Name holds the name reference of a dependency. namespace: - description: Namespace holds the namespace reference of a dependency. type: string + description: Namespace holds the namespace reference of a dependency. required: - name - type: object - type: array install: - description: Install holds the configuration for Helm install actions for this HelmRelease. 
+ type: object + description: Install holds the configuration for Helm install actions + for this HelmRelease. properties: disableHooks: - description: DisableHooks prevents hooks from running during the Helm install action. type: boolean + description: DisableHooks prevents hooks from running during the + Helm install action. disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema. type: boolean + description: DisableOpenAPIValidation prevents the Helm install + action from validating rendered templates against the Kubernetes + OpenAPI Schema. disableWait: - description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed. type: boolean + description: DisableWait disables the waiting for resources to + be ready after a Helm install has been performed. remediation: - description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action. + type: object + description: Remediation holds the remediation configuration for + when the Helm install action for the HelmRelease fails. The + default is to not perform any action. properties: ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'. type: boolean + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an install + action but fail. Defaults to 'Test.IgnoreFailures'. remediateLastFailure: - description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'. type: boolean + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false'. 
retries: - description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. type: integer - type: object + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + an uninstall, is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. replace: - description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history. type: boolean + description: Replace tells the Helm install action to re-use the + 'ReleaseName', but only if that name is a deleted release which + remains in the history. skipCRDs: - description: SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. type: boolean + description: SkipCRDs tells the Helm install action to not install + any CRDs. By default, CRDs are installed if not already present. timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. type: string - type: object + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. interval: - description: Interval at which to reconcile the Helm release. type: string + description: Interval at which to reconcile the Helm release. kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote cluster. + type: object + description: KubeConfig for reconciling the HelmRelease on a remote + cluster. 
properties: secretRef: - description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the HelmRelease. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the HelmRelease. + type: object + description: SecretRef holds the name to a secret that contains + a 'value' key with the kubeconfig file as the value. It must + be in the same namespace as the HelmRelease. It is recommended + that the kubeconfig is self-contained, and the secret is regularly + updated if credentials such as a cloud-access-token expire. + Cloud specific `cmd-path` auth helpers will not function without + adding binaries and credentials to the Pod that is responsible + for reconciling the HelmRelease. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: object - type: object + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' maxHistory: - description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'. type: integer + description: MaxHistory is the number of revisions saved by Helm for + this HelmRelease. Use '0' for an unlimited number of revisions; + defaults to '10'. releaseName: - description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'. + type: string + description: ReleaseName used for the Helm release. 
Defaults to a + composition of '[TargetNamespace-]Name'. maxLength: 53 minLength: 1 - type: string rollback: - description: Rollback holds the configuration for Helm rollback actions for this HelmRelease. + type: object + description: Rollback holds the configuration for Helm rollback actions + for this HelmRelease. properties: cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails. type: boolean + description: CleanupOnFail allows deletion of new resources created + during the Helm rollback action when it fails. disableHooks: - description: DisableHooks prevents hooks from running during the Helm rollback action. type: boolean + description: DisableHooks prevents hooks from running during the + Helm rollback action. disableWait: - description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed. type: boolean + description: DisableWait disables the waiting for resources to + be ready after a Helm rollback has been performed. force: - description: Force forces resource updates through a replacement strategy. type: boolean + description: Force forces resource updates through a replacement + strategy. recreate: - description: Recreate performs pod restarts for the resource if applicable. type: boolean + description: Recreate performs pod restarts for the resource if + applicable. timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. type: string - type: object + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. 
suspend: - description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false. type: boolean + description: Suspend tells the controller to suspend reconciliation + for this HelmRelease, it does not apply to already started reconciliations. + Defaults to false. targetNamespace: - description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease. + type: string + description: TargetNamespace to target when performing operations + for the HelmRelease. Defaults to the namespace of the HelmRelease. maxLength: 63 minLength: 1 - type: string test: - description: Test holds the configuration for Helm test actions for this HelmRelease. + type: object + description: Test holds the configuration for Helm test actions for + this HelmRelease. properties: enable: - description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. type: boolean + description: Enable enables Helm test actions for this HelmRelease + after an Helm install or upgrade action has been performed. ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. type: boolean + description: IgnoreFailures tells the controller to skip remediation + when the Helm tests are run but fail. Can be overwritten for + tests run after install or upgrade actions in 'Install.IgnoreTestFailures' + and 'Upgrade.IgnoreTestFailures'. timeout: - description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. 
type: string - type: object + description: Timeout is the time to wait for any individual Kubernetes + operation during the performance of a Helm test action. Defaults + to 'HelmReleaseSpec.Timeout'. timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'. type: string + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a Helm + action. Defaults to '5m0s'. uninstall: - description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. + type: object + description: Uninstall holds the configuration for Helm uninstall + actions for this HelmRelease. properties: disableHooks: - description: DisableHooks prevents hooks from running during the Helm rollback action. type: boolean + description: DisableHooks prevents hooks from running during the + Helm rollback action. keepHistory: - description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history. type: boolean + description: KeepHistory tells Helm to remove all associated resources + and mark the release as deleted, but retain the release history. timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. type: string - type: object + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. upgrade: - description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. + type: object + description: Upgrade holds the configuration for Helm upgrade actions + for this HelmRelease. 
properties: cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails. type: boolean + description: CleanupOnFail allows deletion of new resources created + during the Helm upgrade action when it fails. disableHooks: - description: DisableHooks prevents hooks from running during the Helm upgrade action. type: boolean + description: DisableHooks prevents hooks from running during the + Helm upgrade action. disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema. type: boolean + description: DisableOpenAPIValidation prevents the Helm upgrade + action from validating rendered templates against the Kubernetes + OpenAPI Schema. disableWait: - description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed. type: boolean + description: DisableWait disables the waiting for resources to + be ready after a Helm upgrade has been performed. force: - description: Force forces resource updates through a replacement strategy. type: boolean + description: Force forces resource updates through a replacement + strategy. preserveValues: - description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative. type: boolean + description: PreserveValues will make Helm reuse the last release's + values and merge in overrides from 'Values'. Setting this flag + makes the HelmRelease non-declarative. remediation: - description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action. + type: object + description: Remediation holds the remediation configuration for + when the Helm upgrade action for the HelmRelease fails. The + default is to not perform any action. 
properties: + strategy: + type: string + description: Strategy to use for failure remediation. Defaults + to 'rollback'. + enum: + - rollback + - uninstall ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'. type: boolean + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an upgrade + action but fail. Defaults to 'Test.IgnoreFailures'. remediateLastFailure: - description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. type: boolean + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false' unless 'Retries' is greater than 0. retries: - description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. type: integer - strategy: - description: Strategy to use for failure remediation. Defaults to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + 'Strategy', is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. type: string - type: object + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. 
values: description: Values holds the values for this Helm release. x-kubernetes-preserve-unknown-fields: true valuesFrom: - description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged. + type: array + description: ValuesFrom holds references to resources containing Helm + values for this HelmRelease, and information about how they should + be merged. items: - description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at. + type: object + description: ValuesReference contains a reference to a resource + containing Helm values, and optionally the key they can be found + at. properties: - kind: - description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string name: - description: Name of the values referent. Should reside in the same namespace as the referring resource. + type: string + description: Name of the values referent. Should reside in the + same namespace as the referring resource. maxLength: 253 minLength: 1 + kind: type: string + description: Kind of the values referent, valid values are ('Secret', + 'ConfigMap'). + enum: + - Secret + - ConfigMap optional: - description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure. type: boolean + description: Optional marks this ValuesReference as optional. + When set, a not found error for the values reference is ignored, + but any ValuesKey, TargetPath or transient error will still + result in a reconciliation failure. targetPath: - description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. 
Defaults to 'None', which results in the values getting merged at the root. type: string + description: TargetPath is the YAML dot notation path the value + should be merged at. When set, the ValuesKey is expected to + be a single flat value. Defaults to 'None', which results + in the values getting merged at the root. valuesKey: - description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'. type: string + description: ValuesKey is the data key where the values.yaml + or a specific value can be found at. Defaults to 'values.yaml'. required: - kind - name - type: object - type: array required: - chart - interval - type: object status: + type: object description: HelmReleaseStatus defines the observed state of a HelmRelease. properties: conditions: + type: array description: Conditions holds the conditions for the HelmRelease. items: - description: Condition contains condition information of a toolkit resource. + type: object + description: Condition contains condition information of a toolkit + resource. properties: + type: + type: string + description: Type of the condition. + status: + type: string + description: Status of the condition, one of ('True', 'False', + 'Unknown'). lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time type: string + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. type: string + description: Message is a human readable description of the + details of the last transition, complementing reason. reason: - description: Reason is a brief machine readable explanation for the condition's last transition. 
- type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. type: string + description: Reason is a brief machine readable explanation + for the condition's last transition. required: - status - type - type: object - type: array failures: - description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation. - format: int64 type: integer + description: Failures is the reconciliation failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 helmChart: - description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease. type: string + description: HelmChart is the namespaced name of the HelmChart resource + created by the controller for the HelmRelease. installFailures: - description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation. - format: int64 type: integer + description: InstallFailures is the install failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully applied source. type: string + description: LastAppliedRevision is the revision of the last successfully + applied source. lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation attempt. type: string + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt. type: string + description: LastAttemptedValuesChecksum is the SHA1 checksum of the + values of the last reconciliation attempt. 
lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. type: string + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful Helm release. type: integer + description: LastReleaseRevision is the revision of the last successful + Helm release. observedGeneration: + type: integer description: ObservedGeneration is the last observed generation. format: int64 - type: integer upgradeFailures: - description: UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation. - format: int64 type: integer - type: object - type: object + description: UpgradeFailures is the upgrade failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 served: true storage: true subresources: @@ -1604,12 +1846,12 @@ status: apiVersion: apps/v1 kind: Deployment metadata: + name: helm-controller + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest control-plane: controller - name: helm-controller - namespace: flux-system spec: replicas: 1 selector: 
@@ -1617,34 +1859,33 @@ spec: app: helm-controller template: metadata: + labels: + app: helm-controller annotations: prometheus.io/port: "8080" prometheus.io/scrape: "true" - labels: - app: helm-controller spec: + terminationGracePeriodSeconds: 10 + nodeSelector: + kubernetes.io/arch: amd64 + kubernetes.io/os: linux containers: - - args: + - name: manager + image: ghcr.io/fluxcd/helm-controller:v0.2.0 + args: - --events-addr=http://notification-controller/ - --watch-all-namespaces=true - --log-level=info - --log-json - --enable-leader-election + ports: + - name: http-prom + containerPort: 8080 env: - name: RUNTIME_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.2.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /metrics - port: http-prom - name: manager - ports: - - containerPort: 8080 - name: http-prom resources: limits: cpu: 1000m @@ -1652,30 +1893,31 @@ spec: requests: cpu: 100m memory: 64Mi + volumeMounts: + - name: temp + mountPath: /tmp + livenessProbe: + httpGet: + port: http-prom + path: /metrics + imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/arch: amd64 - kubernetes.io/os: linux - terminationGracePeriodSeconds: 10 volumes: - - emptyDir: {} - name: temp + - name: temp + emptyDir: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + name: alerts.notification.toolkit.fluxcd.io labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: alerts.notification.toolkit.fluxcd.io + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null spec: group: notification.toolkit.fluxcd.io names: 
@@ -1685,48 +1927,70 @@ spec: singular: alert scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready + - name: v1beta1 + additionalPrinterColumns: + - name: Ready type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status + jsonPath: .status.conditions[?(@.type=="Ready")].status + - name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age + jsonPath: .status.conditions[?(@.type=="Ready")].message + - name: Age type: date - name: v1beta1 + jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: + type: object description: Alert is the Schema for the alerts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: - description: AlertSpec defines an alerting rule for events involving a list of objects + type: object + description: AlertSpec defines an alerting rule for events involving a + list of objects properties: eventSeverity: + type: string default: info - description: Filter events based on severity, defaults to ('info'). If set to 'info' no events will be filtered. + description: Filter events based on severity, defaults to ('info'). + If set to 'info' no events will be filtered. enum: - info - error - type: string eventSources: + type: array description: Filter events based on the involved objects items: - description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level + type: object + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level properties: + name: + type: string + description: Name of the referent + maxLength: 53 + minLength: 1 + namespace: + type: string + description: Namespace of the referent + maxLength: 53 + minLength: 1 apiVersion: - description: API version of the referent type: string + description: API version of the referent kind: + type: string description: Kind of the referent enum: - Bucket 
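Review bot: Reordering keys and re-wrapping descriptions in this schema makes the file diverge textually from what its generator emits; the CRD metadata just above carries `controller-gen.kubebuilder.io/version: v0.3.0`, so this looks like generated output. After this change the file can no longer be checked against the upstream manifest with a plain diff or checksum, and a real field change in a later update would be hard to spot among the ordering noise. Either exclude generated manifests from the formatter, or record how the file was produced in a header comment such as `# generated upstream, then formatted with <formatter command>; do not edit by hand` so the step can be replayed before comparing. The same holds for the Provider and Receiver CRD hunks below and for the Gatekeeper CRDs.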
@@ -1735,65 +1999,57 @@ spec: - HelmRelease - HelmChart - HelmRepository - type: string - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string required: - name - type: object - type: array providerRef: + type: object description: Send events using this provider properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: object + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' suspend: - description: This flag tells the controller to suspend subsequent events dispatching. Defaults to false. type: boolean + description: This flag tells the controller to suspend subsequent + events dispatching. Defaults to false. required: - eventSources - providerRef - type: object status: + type: object description: AlertStatus defines the observed state of Alert properties: conditions: + type: array items: - description: Condition contains condition information of a toolkit resource. + type: object + description: Condition contains condition information of a toolkit + resource. properties: + type: + type: string + description: Type of the condition. + status: + type: string + description: Status of the condition, one of ('True', 'False', + 'Unknown'). lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time type: string + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. 
+ format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. type: string + description: Message is a human readable description of the + details of the last transition, complementing reason. reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. type: string + description: Reason is a brief machine readable explanation + for the condition's last transition. required: - status - type - type: object - type: array - type: object - type: object served: true storage: true subresources: @@ -1808,13 +2064,13 @@ status: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + name: providers.notification.toolkit.fluxcd.io labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: providers.notification.toolkit.fluxcd.io + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null spec: group: notification.toolkit.fluxcd.io names: 
@@ -1824,51 +2080,40 @@ spec: singular: provider scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready + - name: v1beta1 + additionalPrinterColumns: + - name: Ready type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status + jsonPath: .status.conditions[?(@.type=="Ready")].status + - name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age + jsonPath: .status.conditions[?(@.type=="Ready")].message + - name: Age type: date - name: v1beta1 + jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: + type: object description: Provider is the Schema for the providers API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: + type: object description: ProviderSpec defines the desired state of Provider properties: - address: - description: HTTP/S webhook address of this provider - pattern: ^(http|https):// - type: string - channel: - description: Alert channel for this provider - type: string - proxy: - description: HTTP/S address of the proxy - pattern: ^(http|https):// - type: string - secretRef: - description: Secret reference containing the provider webhook URL - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object type: + type: string description: Type of provider enum: - slack 
@@ -1878,43 +2123,64 @@ spec: - generic - github - gitlab + secretRef: + type: object + description: Secret reference containing the provider webhook URL + properties: + name: + type: string + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + address: + type: string + description: HTTP/S webhook address of this provider + pattern: ^(http|https):// + channel: type: string + description: Alert channel for this provider + proxy: + type: string + description: HTTP/S address of the proxy + pattern: ^(http|https):// username: - description: Bot username for this provider type: string + description: Bot username for this provider required: - type - type: object status: + type: object description: ProviderStatus defines the observed state of Provider properties: conditions: + type: array items: - description: Condition contains condition information of a toolkit resource. + type: object + description: Condition contains condition information of a toolkit + resource. properties: + type: + type: string + description: Type of the condition. + status: + type: string + description: Status of the condition, one of ('True', 'False', + 'Unknown'). lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time type: string + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. type: string + description: Message is a human readable description of the + details of the last transition, complementing reason. reason: - description: Reason is a brief machine readable explanation for the condition's last transition. 
- type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. type: string + description: Reason is a brief machine readable explanation + for the condition's last transition. required: - status - type - type: object - type: array - type: object - type: object served: true storage: true subresources: @@ -1929,13 +2195,13 @@ status: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + name: receivers.notification.toolkit.fluxcd.io labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest - name: receivers.notification.toolkit.fluxcd.io + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null spec: group: notification.toolkit.fluxcd.io names: 
@@ -1945,46 +2211,71 @@ spec: singular: receiver scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready + - name: v1beta1 + additionalPrinterColumns: + - name: Ready type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status + jsonPath: .status.conditions[?(@.type=="Ready")].status + - name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age + jsonPath: .status.conditions[?(@.type=="Ready")].message + - name: Age type: date - name: v1beta1 + jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: + type: object description: Receiver is the Schema for the receivers API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: + type: object description: ReceiverSpec defines the desired state of Receiver properties: - events: - description: A list of events to handle, e.g. 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array + type: + type: string + description: Type of webhook sender, used to determine the validation + procedure and payload deserialization. + enum: + - generic + - github + - gitlab + - bitbucket + - harbor resources: + type: array description: A list of resources to be notified about changes. items: - description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level + type: object + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level properties: + name: + type: string + description: Name of the referent + maxLength: 53 + minLength: 1 + namespace: + type: string + description: Namespace of the referent + maxLength: 53 + minLength: 1 apiVersion: - description: API version of the referent type: string + description: API version of the referent kind: + type: string description: Kind of the referent enum: - Bucket 
@@ -1993,77 +2284,67 @@ spec: - HelmRelease - HelmChart - HelmRepository - type: string - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string required: - name - type: object - type: array secretRef: - description: Secret reference containing the token used to validate the payload authenticity + type: object + description: Secret reference containing the token used to validate + the payload authenticity properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: object + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + events: + type: array + description: A list of events to handle, e.g. 'push' for GitHub or + 'Push Hook' for GitLab. + items: + type: string suspend: - description: This flag tells the controller to suspend subsequent events handling. Defaults to false. type: boolean - type: - description: Type of webhook sender, used to determine the validation procedure and payload deserialization. - enum: - - generic - - github - - gitlab - - bitbucket - - harbor - type: string + description: This flag tells the controller to suspend subsequent + events handling. Defaults to false. required: - resources - type - type: object status: + type: object description: ReceiverStatus defines the observed state of Receiver properties: conditions: + type: array items: - description: Condition contains condition information of a toolkit resource. + type: object + description: Condition contains condition information of a toolkit + resource. properties: + type: + type: string + description: Type of the condition. 
+ status: + type: string + description: Status of the condition, one of ('True', 'False', + 'Unknown'). lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time type: string + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. type: string + description: Message is a human readable description of the + details of the last transition, complementing reason. reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. type: string + description: Reason is a brief machine readable explanation + for the condition's last transition. required: - status - type - type: object - type: array url: - description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. type: string - type: object - type: object + description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. served: true storage: true subresources: 
@@ -2078,50 +2359,50 @@ status: apiVersion: v1 kind: Service metadata: + name: notification-controller + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest control-plane: controller - name: notification-controller - namespace: flux-system spec: + type: ClusterIP + selector: + app: notification-controller ports: - name: http - port: 80 protocol: TCP + port: 80 targetPort: http - selector: - app: notification-controller - type: ClusterIP --- apiVersion: v1 kind: Service metadata: + name: webhook-receiver + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest control-plane: controller - name: webhook-receiver - namespace: flux-system spec: + type: ClusterIP + selector: + app: notification-controller ports: - name: http - port: 80 protocol: TCP + port: 80 targetPort: http-webhook - selector: - app: notification-controller - type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: + name: notification-controller + namespace: flux-system labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/version: latest control-plane: controller - name: notification-controller - namespace: flux-system spec: replicas: 1 selector: 
@@ -2129,37 +2410,36 @@ spec: app: notification-controller template: metadata: + labels: + app: notification-controller annotations: prometheus.io/port: "8080" prometheus.io/scrape: "true" - labels: - app: notification-controller spec: + terminationGracePeriodSeconds: 10 + nodeSelector: + kubernetes.io/arch: amd64 + kubernetes.io/os: linux containers: - - args: + - name: manager + image: ghcr.io/fluxcd/notification-controller:v0.2.0 + args: - --watch-all-namespaces=true - --log-level=info - --log-json - --enable-leader-election + ports: + - name: http + containerPort: 9090 + - name: http-webhook + containerPort: 9292 + - name: http-prom + containerPort: 8080 env: - name: RUNTIME_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v0.2.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /metrics - port: http-prom - name: manager - ports: - - containerPort: 9090 - name: http - - containerPort: 9292 - name: http-webhook - - containerPort: 8080 - name: http-prom resources: limits: cpu: 1000m @@ -2167,17 +2447,17 @@ spec: requests: cpu: 100m memory: 64Mi + volumeMounts: + - name: temp + mountPath: /tmp + livenessProbe: + httpGet: + port: http-prom + path: /metrics + imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/arch: amd64 - kubernetes.io/os: linux - terminationGracePeriodSeconds: 10 volumes: - - emptyDir: {} - name: temp ---- + - name: temp + emptyDir: {} diff --git a/base/flux/toolkit/kustomization.yaml b/base/flux/toolkit/kustomization.yaml index 34f7f9bda4f2824a5b07ef52376d740143fea09c..0b0b2bcda364c3744ef077cfd781837fba8d867c 100644 --- a/base/flux/toolkit/kustomization.yaml +++ b/base/flux/toolkit/kustomization.yaml @@ -1,2 +1,2 @@ resources: - - all.yaml +- all.yaml 
diff --git a/base/gatekeeper/gatekeeper.yaml b/base/gatekeeper/gatekeeper.yaml index 9af0fd2b3e94d55394f7327a167d6c3c34e5cbad..1c3a170c96ccac95fe129978a610775f4d1e42c8 100644 --- a/base/gatekeeper/gatekeeper.yaml +++ b/base/gatekeeper/gatekeeper.yaml @@ -1,12 +1,11 @@ ---- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + name: configs.config.gatekeeper.sh labels: gatekeeper.sh/system: "yes" - name: configs.config.gatekeeper.sh + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 spec: group: config.gatekeeper.sh names: 
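Review bot: The CRD still declares `apiVersion: apiextensions.k8s.io/v1beta1`, which Kubernetes stopped serving in v1.22, so on a current cluster this object and the other three Gatekeeper CRDs in this file (constraintpodstatuses, constrainttemplatepodstatuses, constrainttemplates) would be rejected and the admission policies that depend on them would not be installed. The reformat keeps the v1beta1-only layout (top-level `validation:` and `version:` in the later hunks), so moving to `apiextensions.k8s.io/v1` means regenerating from a Gatekeeper release that ships v1 CRDs rather than changing this one line. A comment at the top of the file stating the constraint, e.g. `# requires Kubernetes < 1.22 (apiextensions.k8s.io/v1beta1 CRDs)`, would make it visible until then.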
@@ -17,86 +16,93 @@ spec: scope: Namespaced validation: openAPIV3Schema: + type: object description: Config is the Schema for the configs API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: + type: object description: ConfigSpec defines the desired state of Config properties: match: + type: array description: Configuration for namespace exclusion items: + type: object properties: excludedNamespaces: + type: array items: type: string - type: array processes: + type: array items: type: string - type: array - type: object - type: array readiness: + type: object description: Configuration for readiness tracker properties: statsEnabled: type: boolean - type: object sync: + type: object description: Configuration for syncing k8s objects properties: syncOnly: - description: If non-empty, only entries on this list will be replicated into OPA + type: array + description: If non-empty, only entries on this list will be replicated + into OPA items: + type: object properties: - group: - type: string kind: type: string + group: + type: string version: type: string - type: object - type: array - type: object validation: + type: object description: Configuration for validation properties: traces: - description: List of requests to trace. Both "user" and "kinds" must be specified + type: array + description: List of requests to trace. Both "user" and "kinds" + must be specified items: + type: object properties: - dump: - description: Also dump the state of OPA with the trace. Set to `All` to dump everything. - type: string kind: + type: object description: Only trace requests of the following GroupVersionKind properties: - group: - type: string kind: type: string + group: + type: string version: type: string - type: object + dump: + type: string + description: Also dump the state of OPA with the trace. Set + to `All` to dump everything. 
user: - description: Only trace requests from the specified user type: string - type: object - type: array - type: object - type: object + description: Only trace requests from the specified user status: - description: ConfigStatus defines the observed state of Config type: object - type: object + description: ConfigStatus defines the observed state of Config version: v1alpha1 versions: - name: v1alpha1 @@ -112,12 +118,12 @@ status: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + name: constraintpodstatuses.status.gatekeeper.sh + labels: + gatekeeper.sh/system: "yes" annotations: controller-gen.kubebuilder.io/version: v0.3.0 creationTimestamp: null - labels: - gatekeeper.sh/system: "yes" - name: constraintpodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh names: 
@@ -128,27 +134,39 @@ spec: scope: Namespaced validation: openAPIV3Schema: - description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + type: object + description: ConstraintPodStatus is the Schema for the constraintpodstatuses + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object status: + type: object description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus properties: constraintUID: - description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch type: string + description: Storing the constraint UID allows us to detect drift, such + as when a constraint has been recreated after its CRD was deleted + out from under it, interrupting the watch enforced: type: boolean errors: + type: array items: - description: Error represents a single error caught while adding a constraint to OPA + type: object + description: Error represents a single error caught while adding a + constraint to OPA properties: code: type: string @@ -159,19 +177,15 @@ spec: required: - code - message - type: object - type: array id: type: string observedGeneration: - format: int64 type: integer + format: int64 operations: + type: array items: type: string - type: array - type: object - type: object version: v1beta1 versions: - name: v1beta1 @@ -187,12 +201,12 @@ status: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + name: constrainttemplatepodstatuses.status.gatekeeper.sh + labels: + gatekeeper.sh/system: "yes" annotations: controller-gen.kubebuilder.io/version: v0.3.0 creationTimestamp: null - labels: - gatekeeper.sh/system: "yes" - name: constrainttemplatepodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh names: 
@@ -203,22 +217,33 @@ spec: scope: Namespaced validation: openAPIV3Schema: - description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + type: object + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses + API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object status: - description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + type: object + description: ConstraintTemplatePodStatusStatus defines the observed state + of ConstraintTemplatePodStatus properties: errors: + type: array items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ type: object + description: CreateCRDError represents a single error caught during + parsing, compiling, etc. properties: code: type: string @@ -229,23 +254,23 @@ spec: required: - code - message - type: object - type: array id: - description: 'Important: Run "make" to regenerate code after modifying this file' type: string + description: 'Important: Run "make" to regenerate code after modifying + this file' observedGeneration: - format: int64 type: integer + format: int64 operations: + type: array items: type: string - type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. type: string - type: object - type: object + description: UID is a type that holds unique ID values, including UUIDs. Because + we don't ONLY use UUIDs, this is an alias to string. Being a type + captures intent and helps make sure that UIDs and names do not get + conflated. version: v1beta1 versions: - name: v1beta1 @@ -261,11 +286,11 @@ status: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - creationTimestamp: null + name: constrainttemplates.templates.gatekeeper.sh labels: controller-tools.k8s.io: "1.0" gatekeeper.sh/system: "yes" - name: constrainttemplates.templates.gatekeeper.sh + creationTimestamp: null spec: group: templates.gatekeeper.sh names: 
@@ -278,53 +303,62 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: + type: object properties: crd: + type: object properties: spec: + type: object properties: names: + type: object properties: kind: type: string shortNames: + type: array items: type: string - type: array - type: object validation: type: object - type: object - type: object targets: + type: array items: + type: object properties: libs: + type: array items: type: string - type: array rego: type: string target: type: string - type: object - type: array - type: object status: + type: object properties: byPod: + type: array items: + type: object properties: errors: + type: array items: + type: object properties: code: type: string @@ -335,19 +369,14 @@ spec: required: - code - message - type: object - type: array id: - description: a unique identifier for the pod that wrote the status type: string + description: a unique identifier for the pod that wrote the status observedGeneration: - format: int64 type: integer - type: object - type: array + format: int64 created: type: boolean - type: object version: v1beta1 versions: - name: v1beta1 @@ -366,31 +395,31 @@ status: apiVersion: v1 kind: ServiceAccount metadata: - labels: - gatekeeper.sh/system: "yes" name: gatekeeper-admin namespace: gatekeeper-system + labels: + gatekeeper.sh/system: "yes" --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - creationTimestamp: null - labels: - gatekeeper.sh/system: "yes" name: gatekeeper-manager-role namespace: gatekeeper-system + labels: + gatekeeper.sh/system: "yes" + creationTimestamp: null rules: -- apiGroups: - - "" - resources: +- resources: - events + apiGroups: + - "" verbs: - create - patch -- apiGroups: - - "" - resources: +- resources: - secrets + apiGroups: + - "" verbs: - create - delete 
@@ -403,23 +432,23 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null + name: gatekeeper-manager-role labels: gatekeeper.sh/system: "yes" - name: gatekeeper-manager-role + creationTimestamp: null rules: -- apiGroups: +- resources: - '*' - resources: + apiGroups: - '*' verbs: - get - list - watch -- apiGroups: - - apiextensions.k8s.io - resources: +- resources: - customresourcedefinitions + apiGroups: + - apiextensions.k8s.io verbs: - create - delete @@ -428,10 +457,10 @@ rules: - patch - update - watch -- apiGroups: - - config.gatekeeper.sh - resources: +- resources: - configs + apiGroups: + - config.gatekeeper.sh verbs: - create - delete @@ -440,18 +469,18 @@ rules: - patch - update - watch -- apiGroups: - - config.gatekeeper.sh - resources: +- resources: - configs/status + apiGroups: + - config.gatekeeper.sh verbs: - get - patch - update -- apiGroups: - - constraints.gatekeeper.sh - resources: +- resources: - '*' + apiGroups: + - constraints.gatekeeper.sh verbs: - create - delete @@ -460,16 +489,16 @@ rules: - patch - update - watch -- apiGroups: - - policy - resources: +- resources: - podsecuritypolicies + apiGroups: + - policy verbs: - use -- apiGroups: - - status.gatekeeper.sh - resources: +- resources: - '*' + apiGroups: + - status.gatekeeper.sh verbs: - create - delete @@ -478,10 +507,10 @@ rules: - patch - update - watch -- apiGroups: - - templates.gatekeeper.sh - resources: +- resources: - constrainttemplates + apiGroups: + - templates.gatekeeper.sh verbs: - create - delete 
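Review bot: The first rule of ClusterRole `gatekeeper-manager-role` grants `get`/`list`/`watch` on `'*'` resources in `'*'` API groups, which includes every Secret in the cluster, and the reordering carries it over without explanation. Gatekeeper's audit and data-sync features are the likely reason for the wildcard, so I would not narrow it blindly. It does deserve a comment above the rule, such as `# read-all is needed for audit/sync; includes Secrets cluster-wide, so treat gatekeeper-admin as sensitive`. The later `resources: '*'` rules under `constraints.gatekeeper.sh` and `status.gatekeeper.sh` (hunks at -440 and -460) are scoped to Gatekeeper's own API groups and are less of a concern.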
@@ -490,29 +519,29 @@ rules: - patch - update - watch -- apiGroups: - - templates.gatekeeper.sh - resources: +- resources: - constrainttemplates/finalizers + apiGroups: + - templates.gatekeeper.sh verbs: - delete - get - patch - update -- apiGroups: - - templates.gatekeeper.sh - resources: +- resources: - constrainttemplates/status + apiGroups: + - templates.gatekeeper.sh verbs: - get - patch - update -- apiGroups: +- resources: + - validatingwebhookconfigurations + apiGroups: - admissionregistration.k8s.io resourceNames: - gatekeeper-validating-webhook-configuration - resources: - - validatingwebhookconfigurations verbs: - create - delete 
@@ -525,67 +554,67 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - labels: - gatekeeper.sh/system: "yes" name: gatekeeper-manager-rolebinding namespace: gatekeeper-system + labels: + gatekeeper.sh/system: "yes" roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role name: gatekeeper-manager-role + kind: Role + apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: gatekeeper-admin +- name: gatekeeper-admin namespace: gatekeeper-system + kind: ServiceAccount --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + name: gatekeeper-manager-rolebinding labels: gatekeeper.sh/system: "yes" - name: gatekeeper-manager-rolebinding roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole name: gatekeeper-manager-role + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: gatekeeper-admin +- name: gatekeeper-admin namespace: gatekeeper-system + kind: ServiceAccount --- apiVersion: v1 kind: Secret metadata: - labels: - gatekeeper.sh/system: "yes" name: gatekeeper-webhook-server-cert namespace: gatekeeper-system + labels: + gatekeeper.sh/system: "yes" --- apiVersion: v1 kind: Service metadata: - labels: - gatekeeper.sh/system: "yes" name: gatekeeper-webhook-service namespace: gatekeeper-system + labels: + gatekeeper.sh/system: "yes" spec: - ports: - - port: 443 - targetPort: 8443 selector: control-plane: controller-manager gatekeeper.sh/operation: webhook gatekeeper.sh/system: "yes" + ports: + - port: 443 + targetPort: 8443 --- apiVersion: apps/v1 kind: Deployment metadata: + name: gatekeeper-audit + namespace: gatekeeper-system labels: control-plane: controller-manager gatekeeper.sh/operation: audit gatekeeper.sh/system: "yes" - name: gatekeeper-audit - namespace: gatekeeper-system spec: replicas: 1 selector: 
@@ -595,20 +624,33 @@ spec: gatekeeper.sh/system: "yes" template: metadata: - annotations: - container.seccomp.security.alpha.kubernetes.io/manager: runtime/default labels: control-plane: audit-controller gatekeeper.sh/operation: audit gatekeeper.sh/system: "yes" + annotations: + container.seccomp.security.alpha.kubernetes.io/manager: runtime/default spec: + terminationGracePeriodSeconds: 60 + serviceAccountName: gatekeeper-admin + nodeSelector: + kubernetes.io/os: linux containers: - - args: + - name: manager + image: openpolicyagent/gatekeeper:v3.1.1 + command: + - /manager + args: - --operation=audit - --operation=status - --logtostderr - command: - - /manager + ports: + - name: metrics + protocol: TCP + containerPort: 8888 + - name: healthz + protocol: TCP + containerPort: 9090 env: - name: POD_NAMESPACE valueFrom: @@ -619,24 +661,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - image: openpolicyagent/gatekeeper:v3.1.1 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 9090 - name: manager - ports: - - containerPort: 8888 - name: metrics - protocol: TCP - - containerPort: 9090 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 9090 resources: limits: cpu: 1000m @@ -644,6 +668,15 @@ spec: requests: cpu: 100m memory: 256Mi + livenessProbe: + httpGet: + port: 9090 + path: /healthz + readinessProbe: + httpGet: + port: 9090 + path: /readyz + imagePullPolicy: Always securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -652,20 +685,16 @@ spec: runAsGroup: 999 runAsNonRoot: true runAsUser: 1000 - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: gatekeeper-admin - terminationGracePeriodSeconds: 60 --- apiVersion: apps/v1 kind: Deployment metadata: + name: gatekeeper-controller-manager + namespace: gatekeeper-system labels: control-plane: controller-manager gatekeeper.sh/operation: webhook gatekeeper.sh/system: "yes" - name: gatekeeper-controller-manager - namespace: gatekeeper-system spec: replicas: 3 selector: @@ -675,33 +704,37 @@ spec: gatekeeper.sh/system: "yes" template: metadata: - annotations: - container.seccomp.security.alpha.kubernetes.io/manager: runtime/default labels: control-plane: controller-manager gatekeeper.sh/operation: webhook gatekeeper.sh/system: "yes" + annotations: + container.seccomp.security.alpha.kubernetes.io/manager: runtime/default spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: gatekeeper.sh/operation - operator: In - values: - - webhook - topologyKey: kubernetes.io/hostname - weight: 100 + terminationGracePeriodSeconds: 60 + serviceAccountName: gatekeeper-admin + nodeSelector: + kubernetes.io/os: linux containers: - - args: + - name: manager + image: openpolicyagent/gatekeeper:v3.1.1 + command: + - /manager + args: - --port=8443 - --logtostderr - --exempt-namespace=gatekeeper-system - --operation=webhook - command: - - /manager + ports: + - name: webhook-server + protocol: TCP + containerPort: 8443 + - name: metrics + protocol: TCP + containerPort: 8888 + - name: healthz + protocol: TCP + containerPort: 9090 env: - name: POD_NAMESPACE valueFrom: 
@@ -712,27 +745,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - image: openpolicyagent/gatekeeper:v3.1.1 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 9090 - name: manager - ports: - - containerPort: 8443 - name: webhook-server - protocol: TCP - - containerPort: 8888 - name: metrics - protocol: TCP - - containerPort: 9090 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 9090 resources: limits: cpu: 1000m @@ -740,6 +752,19 @@ spec: requests: cpu: 100m memory: 256Mi + volumeMounts: + - name: cert + readOnly: true + mountPath: /certs + livenessProbe: + httpGet: + port: 9090 + path: /healthz + readinessProbe: + httpGet: + port: 9090 + path: /readyz + imagePullPolicy: Always securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -748,69 +773,73 @@ spec: runAsGroup: 999 runAsNonRoot: true runAsUser: 1000 - volumeMounts: - - mountPath: /certs - name: cert - readOnly: true - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: gatekeeper-admin - terminationGracePeriodSeconds: 60 volumes: - name: cert secret: defaultMode: 420 secretName: gatekeeper-webhook-server-cert + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: - creationTimestamp: null + name: gatekeeper-validating-webhook-configuration labels: gatekeeper.sh/system: "yes" - name: gatekeeper-validating-webhook-configuration + creationTimestamp: null webhooks: -- clientConfig: - caBundle: Cg== +- name: validation.gatekeeper.sh + clientConfig: service: name: gatekeeper-webhook-service namespace: gatekeeper-system path: /v1/admit + caBundle: Cg== failurePolicy: Ignore - name: validation.gatekeeper.sh namespaceSelector: matchExpressions: - key: admission.gatekeeper.sh/ignore operator: DoesNotExist rules: - - apiGroups: + - resources: + - '*' + apiGroups: - '*' apiVersions: - '*' operations: - CREATE - UPDATE - resources: - - '*' sideEffects: None timeoutSeconds: 5 -- clientConfig: - caBundle: Cg== +- name: check-ignore-label.gatekeeper.sh + clientConfig: service: name: gatekeeper-webhook-service namespace: gatekeeper-system path: /v1/admitlabel + caBundle: Cg== failurePolicy: Fail - name: check-ignore-label.gatekeeper.sh rules: - - apiGroups: + - resources: + - namespaces + apiGroups: - "" apiVersions: - '*' operations: - CREATE - UPDATE - resources: - - namespaces sideEffects: None - timeoutSeconds: 5 \ No newline at end of file + timeoutSeconds: 5 
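Review bot: `validation.gatekeeper.sh` keeps `failurePolicy: Ignore` with `timeoutSeconds: 5`, so whenever the webhook service is unreachable or slow the API server admits CREATE/UPDATE requests without any policy evaluation. If the constraints are meant as an enforcement control rather than advisory, switch to `failurePolicy: Fail` once the three webhook replicas and the exempt namespaces are proven stable, or at least add a comment stating that enforcement is fail-open and that the audit deployment is the backstop. The `namespaceSelector` also skips every namespace carrying the `admission.gatekeeper.sh/ignore` label; `check-ignore-label.gatekeeper.sh` appears to guard who may set it and does use `failurePolicy: Fail`. `caBundle: Cg==` is a placeholder, presumably filled in at runtime by Gatekeeper's certificate rotation; confirm that, since with `Ignore` a TLS failure would also pass silently.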
diff --git a/base/gatekeeper/kustomization.yaml b/base/gatekeeper/kustomization.yaml
index d0e5c9351251efc504126b634eb8c74b4f811d49..be2091040035873fc6bd277f920c4d7e651706c5 100644
--- a/base/gatekeeper/kustomization.yaml
+++ b/base/gatekeeper/kustomization.yaml
@@ -1,8 +1,7 @@
 resources:
- - namespace.yaml
- - gatekeeper.yaml
-
+- namespace.yaml
+- gatekeeper.yaml
 images:
- - name: openpolicyagent/gatekeeper:v3.1.1
- newName: registry1.dsop.io/ironbank/opensource/openpolicyagent/gatekeeper
- newTag: v3.1.1
\ No newline at end of file
+- name: openpolicyagent/gatekeeper:v3.1.1
+ newName: registry1.dsop.io/ironbank/opensource/openpolicyagent/gatekeeper
+ newTag: v3.1.1
diff --git a/base/gatekeeper/namespace.yaml b/base/gatekeeper/namespace.yaml
index 5ae3b4aa60cec6550147b1c62df8549527f7aa91..0db175abb2142eb73895d46d4df40ce01f2b66fc 100644
--- a/base/gatekeeper/namespace.yaml
+++ b/base/gatekeeper/namespace.yaml
@@ -1,9 +1,8 @@
----
 apiVersion: v1
 kind: Namespace
 metadata:
+ name: gatekeeper-system
 labels:
 admission.gatekeeper.sh/ignore: no-self-managing
 control-plane: controller-manager
 gatekeeper.sh/system: "yes"
- name: gatekeeper-system
diff --git a/base/istio/istio-operator/kustomization.yaml b/base/istio/istio-operator/kustomization.yaml
index b33e90c1480de79918e718b6e2d3e6acbf7adf60..204c25a28bac19f29863601e437f45915aeed7e9 100644
--- a/base/istio/istio-operator/kustomization.yaml
+++ b/base/istio/istio-operator/kustomization.yaml
@@ -1,7 +1,6 @@
 resources:
- - operator.yaml
-
+- operator.yaml
 images:
- - name: docker.io/istio/operator:1.7.4-distroless
- newName: registry1.dsop.io/ironbank/opensource/istio/operator
- newTag: 1.7.3
\ No newline at end of file
+- name: docker.io/istio/operator:1.7.4-distroless
+ newName: registry1.dsop.io/ironbank/opensource/istio/operator
+ newTag: 1.7.3
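Review bot: In `base/istio/istio-operator/kustomization.yaml` the `images` entry rewrites `docker.io/istio/operator:1.7.4-distroless` to `newTag: 1.7.3`, so the operator that actually runs is a different version (and apparently not the distroless build) from the one `operator.yaml` references. If that downgrade is deliberate because the mirror only carries 1.7.3, say so in a comment; otherwise align the two. Both this override and the gatekeeper one above pin by mutable tag only. Kustomize `images` entries accept a `digest:` field, e.g. `digest: sha256:<DIGEST_FROM_REGISTRY>`, which would make the deployed image content-addressed.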
diff --git a/base/istio/istio-operator/operator.yaml b/base/istio/istio-operator/operator.yaml
index f0b62245d27cc379e2697587efaf070e31c54549..315eecc83505d9d520586791b06c2400fbc243d9 100644
--- a/base/istio/istio-operator/operator.yaml
+++ b/base/istio/istio-operator/operator.yaml
@@ -1,19 +1,18 @@
----
 # Source: istio-operator/templates/namespace.yaml
 apiVersion: v1
 kind: Namespace
 metadata:
 name: istio-operator
 labels:
- istio-operator-managed: Reconcile
 istio-injection: disabled
+ istio-operator-managed: Reconcile
 ---
 # Source: istio-operator/templates/service_account.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
- namespace: istio-operator
 name: istio-operator
+ namespace: istio-operator
 ---
 # Source: istio-operator/templates/crds.yaml
 # SYNC WITH manifests/charts/base/files
@@ -28,164 +27,155 @@ spec: names: kind: IstioOperator plural: istiooperators - singular: istiooperator shortNames: - - iop + - iop + singular: istiooperator scope: Namespaced versions: - - additionalPrinterColumns: - - description: Istio control plane revision - jsonPath: .spec.revision - name: Revision - type: string - - description: IOP current state - jsonPath: .status.status - type: string - name: Status - - jsonPath: .metadata.creationTimestamp - description: - "CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - spec: - description: - "Specification of the desired state of the istio control plane resource. 
- More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: - "Status describes each of istio control plane component status at the current time. - 0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING. - More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html & - https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + additionalPrinterColumns: + - name: Revision + type: string + description: Istio control plane revision + jsonPath: .spec.revision + - name: Status + type: string + description: IOP current state + jsonPath: .status.status + - name: Age + type: date + description: "CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" + jsonPath: .metadata.creationTimestamp + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources" + kind: + type: string + description: "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + spec: + type: object + description: "Specification of the desired state of the istio control + plane resource. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + x-kubernetes-preserve-unknown-fields: true + status: + type: object + description: "Status describes each of istio control plane component status + at the current time. 0 means NONE, 1 means UPDATING, 2 means HEALTHY, + 3 means ERROR, 4 means RECONCILING. More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html + & https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} --- # Source: istio-operator/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: istio-operator + creationTimestamp: null rules: -# istio groups -- apiGroups: - - authentication.istio.io - resources: +- resources: - '*' + # istio groups + apiGroups: + - authentication.istio.io verbs: - '*' -- apiGroups: - - config.istio.io - resources: +- resources: - '*' + apiGroups: + - config.istio.io verbs: - '*' -- apiGroups: - - install.istio.io - resources: +- resources: - '*' + apiGroups: + - install.istio.io verbs: - '*' -- apiGroups: - - networking.istio.io - resources: +- resources: - '*' + 
apiGroups: + - networking.istio.io verbs: - '*' -- apiGroups: - - security.istio.io - resources: +- resources: - '*' + apiGroups: + - security.istio.io verbs: - '*' -# k8s groups -- apiGroups: - - admissionregistration.k8s.io - resources: +- resources: - mutatingwebhookconfigurations - validatingwebhookconfigurations + # k8s groups + apiGroups: + - admissionregistration.k8s.io verbs: - '*' -- apiGroups: - - apiextensions.k8s.io - resources: +- resources: - customresourcedefinitions.apiextensions.k8s.io - customresourcedefinitions + apiGroups: + - apiextensions.k8s.io verbs: - '*' -- apiGroups: - - apps - - extensions - resources: +- resources: - daemonsets - deployments - deployments/finalizers - ingresses - replicasets - statefulsets + apiGroups: + - apps + - extensions verbs: - '*' -- apiGroups: - - autoscaling - resources: +- resources: - horizontalpodautoscalers + apiGroups: + - autoscaling verbs: - '*' -- apiGroups: - - monitoring.coreos.com - resources: +- resources: - servicemonitors + apiGroups: + - monitoring.coreos.com verbs: - get - create - update -- apiGroups: - - policy - resources: +- resources: - poddisruptionbudgets + apiGroups: + - policy verbs: - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: +- resources: - clusterrolebindings - clusterroles - roles - rolebindings + apiGroups: + - rbac.authorization.k8s.io verbs: - '*' -- apiGroups: - - "" - resources: +- resources: - configmaps - endpoints - events 
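Review bot: The key sort has displaced the section comments in the `istio-operator` ClusterRole: `# istio groups` and `# k8s groups` now sit between `resources:` and `apiGroups:` inside a single rule instead of heading the rules they describe. The next hunk has the same problem, with `# Source: istio-operator/templates/clusterrole_binding.yaml` landing below `apiVersion:`. Move each comment back above the `- resources:` line (or the `apiVersion:` line) it introduces. While touching the comments, it is worth recording that `verbs: '*'` on `clusterroles`/`clusterrolebindings` covers `bind` and `escalate`, and together with `'*'` on `secrets` makes the `istio-operator` service account equivalent to cluster-admin, e.g. `# k8s groups: wildcard verbs on RBAC objects and secrets; treat this service account as cluster-admin`. The rule list continues past the end of this hunk.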
@@ -195,45 +185,47 @@ rules: - secrets - services - serviceaccounts + apiGroups: + - "" verbs: - '*' --- +apiVersion: rbac.authorization.k8s.io/v1 # Source: istio-operator/templates/clusterrole_binding.yaml kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 metadata: name: istio-operator -subjects: -- kind: ServiceAccount - name: istio-operator - namespace: istio-operator roleRef: - kind: ClusterRole name: istio-operator + kind: ClusterRole apiGroup: rbac.authorization.k8s.io +subjects: +- name: istio-operator + namespace: istio-operator + kind: ServiceAccount --- # Source: istio-operator/templates/service.yaml apiVersion: v1 kind: Service metadata: + name: istio-operator namespace: istio-operator labels: name: istio-operator - name: istio-operator spec: + selector: + name: istio-operator ports: - name: http-metrics port: 8383 targetPort: 8383 - selector: - name: istio-operator --- # Source: istio-operator/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - namespace: istio-operator name: istio-operator + namespace: istio-operator spec: replicas: 1 selector: 
@@ -246,41 +238,41 @@ spec: spec: serviceAccountName: istio-operator containers: - - name: istio-operator - image: docker.io/istio/operator:1.7.4-distroless - command: - - operator - - server - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 128Mi - env: - - name: WATCH_NAMESPACE - value: "istio-system" - - name: LEADER_ELECTION_NAMESPACE - value: "istio-operator" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: "istio-operator" - - name: WAIT_FOR_RESOURCES_TIMEOUT - value: "300s" - - name: REVISION - value: "" + - name: istio-operator + image: docker.io/istio/operator:1.7.4-distroless + command: + - operator + - server + env: + - name: WATCH_NAMESPACE + value: "istio-system" + - name: LEADER_ELECTION_NAMESPACE + value: "istio-operator" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "istio-operator" + - name: WAIT_FOR_RESOURCES_TIMEOUT + value: "300s" + - name: REVISION + value: "" + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsNonRoot: true + runAsUser: 1337 diff --git a/base/istio/istio-system/istio.yaml b/base/istio/istio-system/istio.yaml index d53f852fec7650c1a46b7d5bdb5c2f49df3f347f..aeb78f1f473048cc6ada2f6f28bd52a6664dab04 100644 --- a/base/istio/istio-system/istio.yaml +++ b/base/istio/istio-system/istio.yaml 
@@ -4,41 +4,36 @@ metadata: name: istiocontrolplane namespace: istio-system spec: - profile: default - hub: registry1.dsop.io/ironbank/opensource/istio - tag: 1.7.3 - meshConfig: - accessLogFile: /dev/stdout addonComponents: kiali: enabled: true - tracing: enabled: true - + hub: registry1.dsop.io/ironbank/opensource/istio + meshConfig: + accessLogFile: /dev/stdout + profile: default + tag: 1.7.3 values: global: imagePullSecrets: - - private-registry - - - sidecarInjectorWebhook: - rewriteAppHTTPProbe: true - neverInjectSelector: - - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: [fluentd-configcheck] - + - private-registry kiali: - hub: registry1.dsop.io/ironbank/opensource/kiali image: kiali - tag: v1.23.0 dashboard: auth: strategy: anonymous + hub: registry1.dsop.io/ironbank/opensource/kiali + tag: v1.23.0 + sidecarInjectorWebhook: + neverInjectSelector: + - matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: [fluentd-configcheck] + rewriteAppHTTPProbe: true tracing: jaeger: - hub: registry1.dsop.io/ironbank/opensource/jaegertracing image: all-in-one + hub: registry1.dsop.io/ironbank/opensource/jaegertracing tag: 1.19.2 diff --git a/base/istio/istio-system/kustomization.yaml b/base/istio/istio-system/kustomization.yaml index e94541a50f25197d6648b498119a3cf47e0d56c3..5c698ac90e4c19ea02109a0ea81385cd495eae80 100644 --- a/base/istio/istio-system/kustomization.yaml +++ b/base/istio/istio-system/kustomization.yaml @@ -1,3 +1,3 @@ resources: - - namespace.yaml - - istio.yaml \ No newline at end of file +- namespace.yaml +- istio.yaml diff --git a/base/istio/istio-system/namespace.yaml b/base/istio/istio-system/namespace.yaml index 7ffc0f563a6af70a61fce2a89fc0c46bd17ef50b..af75d588e9fdef92cd6fc3281f52e94a5b3103ee 100644 --- a/base/istio/istio-system/namespace.yaml +++ b/base/istio/istio-system/namespace.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: Namespace metadata: 
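Review bot: `values.kiali.dashboard.auth.strategy: anonymous` turns off authentication for the Kiali dashboard, so anyone who can reach the Kiali service gets the mesh topology and whatever Kiali's own service account is allowed to see or change. Unless access is restricted elsewhere (a network policy or an authenticating proxy, neither visible in this diff), use an authenticated strategy such as `strategy: token` or `strategy: openid`. If anonymous access is intended only for this base and overridden per environment, a comment next to the key saying so would keep it from being deployed as-is.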
diff --git a/base/istio/kustomization.yaml b/base/istio/kustomization.yaml index 7a61b389db4207fc7e58ed91ce1027a25aebc925..c43dc643c9c9756b8d263a6bdcae9863d7b13084 100644 --- a/base/istio/kustomization.yaml +++ b/base/istio/kustomization.yaml @@ -1,3 +1,3 @@ resources: - - istio-operator - - istio-system \ No newline at end of file +- istio-operator +- istio-system diff --git a/base/logging/eck-operator/all-in-one.yaml b/base/logging/eck-operator/all-in-one.yaml index e2a15744abb51f6979e845280a068403683a8082..261fe2976cffe171123e879927726eab7f97132d 100644 --- a/base/logging/eck-operator/all-in-one.yaml +++ b/base/logging/eck-operator/all-in-one.yaml @@ -1,33 +1,32 @@ ---- # Source: crds/all-crds.yaml apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + name: apmservers.apm.k8s.elastic.co annotations: controller-gen.kubebuilder.io/version: v0.2.5 creationTimestamp: null - name: apmservers.apm.k8s.elastic.co spec: additionalPrinterColumns: - - JSONPath: .status.health - name: health + - name: health type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes + JSONPath: .status.health + - name: nodes type: integer - - JSONPath: .spec.version - description: APM version - name: version + JSONPath: .status.availableNodes + description: Available nodes + - name: version type: string - - JSONPath: .metadata.creationTimestamp - name: age + JSONPath: .spec.version + description: APM version + - name: age type: date + JSONPath: .metadata.creationTimestamp group: apm.k8s.elastic.co names: + kind: ApmServer categories: - elastic - kind: ApmServer listKind: ApmServerList plural: apmservers shortNames: 
@@ -41,58 +40,149 @@ spec: description: ApmServer represents an APM Server resource in a Kubernetes cluster. properties: apiVersion: + type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string kind: + type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string metadata: type: object spec: + type: object description: ApmServerSpec holds the specification of an APM Server. properties: + serviceAccountName: + type: string + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + image: + type: string + description: Image is the APM Server Docker image to deploy. config: - description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' type: object + description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' count: + type: integer description: Count of APM Server instances to deploy. format: int32 - type: integer elasticsearchRef: + type: object description: ElasticsearchRef is a reference to the output Elasticsearch cluster running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. type: string + description: Name of the Kubernetes object. 
namespace: + type: string description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. - type: string required: - name - type: object http: + type: object description: HTTP holds the HTTP layer configuration for the APM Server resource. properties: service: + type: object description: Service defines the template for the associated Kubernetes Service object. properties: metadata: + type: object description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. - type: object spec: + type: object description: Spec is the specification of the service. properties: + type: + type: string + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ExternalName" + maps to the specified externalName. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object. If clusterIP is "None", no virtual IP is allocated + and the endpoints are published as a set of endpoints + rather than a stable IP. "NodePort" builds on ClusterIP + and allocates a port on every node which routes to the + clusterIP. "LoadBalancer" builds on NodePort and creates + an external load-balancer (if supported in the current + cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + selector: + type: object + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. 
+ Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + ports: + type: array + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + type: object + description: ServicePort contains information on service's + port. + properties: + name: + type: string + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + protocol: + type: string + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + port: + type: integer + description: The port that will be exposed by this + service. + format: int32 + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + nodePort: + type: integer + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, it + will be allocated to the service if unused or else + creation of the service will fail. Default is to + auto-allocate a port if the ServiceType of this + Service requires one. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + required: + - port clusterIP: + type: string description: 'clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, @@ -103,8 +193,8 @@ spec: headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string externalIPs: + type: array description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The 
@@ -113,15 +203,32 @@ spec: load-balancers that are not part of the Kubernetes system. items: type: string + loadBalancerIP: + type: string + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + loadBalancerSourceRanges: type: array + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string externalName: + type: string description: externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName. - type: string externalTrafficPolicy: + type: string description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and 
@@ -130,8 +237,14 @@ spec: "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + sessionAffinity: type: string + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' healthCheckNodePort: + type: integer description: healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated @@ -139,8 +252,8 @@ spec: by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local. format: int32 - type: integer ipFamily: + type: string description: ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP 
@@ -154,77 +267,8 @@ spec: Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. If specified, it - will be allocated to the service if unused or else - creation of the service will fail. Default is to - auto-allocate a port if the ServiceType of this - Service requires one. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port - type: object - type: array publishNotReadyAddresses: + type: boolean description: publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. 
@@ -232,41 +276,25 @@ spec: this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string sessionAffinityConfig: + type: object description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: + type: object description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: + type: integer description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 - type: integer - type: object - type: object topologyKeys: + type: array description: topologyKeys is a preference-order list of topology keys which implementations of services should use to preferentially sort endpoints when accessing this 
@@ -283,29 +311,12 @@ spec: constraints will be applied. items: type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ExternalName" - maps to the specified externalName. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object. If clusterIP is "None", no virtual IP is allocated - and the endpoints are published as a set of endpoints - rather than a stable IP. "NodePort" builds on ClusterIP - and allocates a port on every node which routes to the - clusterIP. "LoadBalancer" builds on NodePort and creates - an external load-balancer (if supported in the current - cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object tls: + type: object description: TLS defines options for configuring TLS for HTTP. properties: certificate: + type: object description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n 
@@ -314,131 +325,119 @@ spec: to the first certificate in the certificate chain." properties: secretName: - description: SecretName is the name of the secret. type: string - type: object + description: SecretName is the name of the secret. selfSignedCertificate: + type: object description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. properties: disabled: + type: boolean description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. - type: boolean subjectAltNames: + type: array description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. items: + type: object description: SubjectAlternativeName represents a SAN entry in a x509 certificate. properties: dns: - description: DNS is the DNS name of the subject. type: string + description: DNS is the DNS name of the subject. ip: - description: IP is the IP address of the subject. type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the APM Server Docker image to deploy. - type: string + description: IP is the IP address of the subject. kibanaRef: + type: object description: KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster. It allows APM agent central configuration management in Kibana. properties: name: - description: Name of the Kubernetes object. type: string + description: Name of the Kubernetes object. namespace: + type: string description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. - type: string required: - name - type: object podTemplate: + type: object description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the APM Server pods. 
- type: object secureSettings: + type: array description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for APM Server. items: + type: object description: SecretSource defines a data source based on a Kubernetes Secret. properties: entries: + type: array description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. items: + type: object description: KeyToPath defines how to map a key in a Secret object to a filesystem path. properties: key: - description: Key is the key contained in the secret. type: string + description: Key is the key contained in the secret. path: + type: string description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. - type: string required: - key - type: object - type: array secretName: - description: SecretName is the name of the secret. type: string + description: SecretName is the name of the secret. required: - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string version: - description: Version of the APM Server. type: string + description: Version of the APM Server. required: - version - type: object status: + type: object description: ApmServerStatus defines the observed state of ApmServer properties: + service: + type: string + description: ExternalService is the name of the service the agents should + connect to. 
availableNodes: - format: int32 type: integer + format: int32 elasticsearchAssociationStatus: + type: string description: ElasticsearchAssociationStatus is the status of any auto-linking to Elasticsearch clusters. - type: string health: + type: string description: ApmServerHealth expresses the status of the Apm Server instances. - type: string kibanaAssociationStatus: + type: string description: KibanaAssociationStatus is the status of any auto-linking to Kibana. - type: string secretTokenSecret: + type: string description: SecretTokenSecretName is the name of the Secret that contains the secret token - type: string - service: - description: ExternalService is the name of the service the agents should - connect to. - type: string - type: object version: v1 versions: - name: v1 
@@ -460,39 +459,39 @@ status: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + name: beats.beat.k8s.elastic.co annotations: controller-gen.kubebuilder.io/version: v0.2.5 creationTimestamp: null - name: beats.beat.k8s.elastic.co spec: additionalPrinterColumns: - - JSONPath: .status.health - name: health + - name: health type: string - - JSONPath: .status.availableNodes + JSONPath: .status.health + - name: available + type: integer + JSONPath: .status.availableNodes description: Available nodes - name: available + - name: expected type: integer - - JSONPath: .status.expectedNodes + JSONPath: .status.expectedNodes description: Expected nodes - name: expected - type: integer - - JSONPath: .spec.type + - name: type + type: string + JSONPath: .spec.type description: Beat type - name: type + - name: version type: string - - JSONPath: .spec.version + JSONPath: .spec.version description: Beat version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age + - name: age type: date + JSONPath: .metadata.creationTimestamp group: beat.k8s.elastic.co names: + kind: Beat categories: - elastic - kind: Beat listKind: BeatList plural: beats shortNames: 
@@ -506,159 +505,159 @@ spec: description: Beat is the Schema for the Beats API. properties: apiVersion: + type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string kind: + type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string metadata: type: object spec: + type: object description: BeatSpec defines the desired state of a Beat. properties: + type: + type: string + description: Type is the type of the Beat to deploy (filebeat, metricbeat, + heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string can + be used, but well-known types will have the image field defaulted + and have the appropriate Elasticsearch roles created automatically. + It also allows for dashboard setup when combined with a `KibanaRef`. + maxLength: 20 + pattern: '[a-zA-Z0-9-]+' + serviceAccountName: + type: string + description: ServiceAccountName is used to check access from the current + resource to Elasticsearch resource in a different namespace. Can only + be used if ECK is enforcing RBAC on references. + image: + type: string + description: Image is the Beat Docker image to deploy. Version and Type + have to match the Beat in the image. config: + type: object description: Config holds the Beat configuration. At most one of [`Config`, `ConfigRef`] can be specified. - type: object configRef: + type: object description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Beat configuration. 
Beat settings must be specified as yaml, under a single "beat.yml" entry. At most one of [`Config`, `ConfigRef`] can be specified. properties: secretName: - description: SecretName is the name of the secret. type: string - type: object + description: SecretName is the name of the secret. daemonSet: + type: object description: DaemonSet specifies the Beat should be deployed as a DaemonSet, and allows providing its spec. Cannot be used along with `deployment`. If both are absent a default for the Type is used. properties: {} - type: object deployment: + type: object description: Deployment specifies the Beat should be deployed as a Deployment, and allows providing its spec. Cannot be used along with `daemonSet`. If both are absent a default for the Type is used. properties: replicas: - format: int32 type: integer - type: object + format: int32 elasticsearchRef: + type: object description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. type: string + description: Name of the Kubernetes object. namespace: + type: string description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. - type: string required: - name - type: object - image: - description: Image is the Beat Docker image to deploy. Version and Type - have to match the Beat in the image. - type: string kibanaRef: + type: object description: KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster. It allows automatic setup of dashboards and visualizations. properties: name: - description: Name of the Kubernetes object. type: string + description: Name of the Kubernetes object. namespace: + type: string description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. 
- type: string required: - name - type: object secureSettings: + type: array description: SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Beat. Secrets data can be then referenced in the Beat config using the Secret's keys or as specified in `Entries` field of each SecureSetting. items: + type: object description: SecretSource defines a data source based on a Kubernetes Secret. properties: entries: + type: array description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. items: + type: object description: KeyToPath defines how to map a key in a Secret object to a filesystem path. properties: key: - description: Key is the key contained in the secret. type: string + description: Key is the key contained in the secret. path: + type: string description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. - type: string required: - key - type: object - type: array secretName: - description: SecretName is the name of the secret. type: string + description: SecretName is the name of the secret. required: - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to Elasticsearch resource in a different namespace. Can only - be used if ECK is enforcing RBAC on references. - type: string - type: - description: Type is the type of the Beat to deploy (filebeat, metricbeat, - heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string can - be used, but well-known types will have the image field defaulted - and have the appropriate Elasticsearch roles created automatically. 
- It also allows for dashboard setup when combined with a `KibanaRef`. - maxLength: 20 - pattern: '[a-zA-Z0-9-]+' - type: string version: - description: Version of the Beat. type: string + description: Version of the Beat. required: - type - version - type: object status: + type: object description: BeatStatus defines the observed state of a Beat. properties: availableNodes: - format: int32 type: integer + format: int32 elasticsearchAssociationStatus: - description: AssociationStatus is the status of an association resource. type: string + description: AssociationStatus is the status of an association resource. expectedNodes: - format: int32 type: integer + format: int32 health: type: string kibanaAssociationStatus: - description: AssociationStatus is the status of an association resource. type: string - type: object + description: AssociationStatus is the status of an association resource. version: v1beta1 versions: - name: v1beta1 
@@ -674,34 +673,34 @@ status: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + name: elasticsearches.elasticsearch.k8s.elastic.co annotations: controller-gen.kubebuilder.io/version: v0.2.5 creationTimestamp: null - name: elasticsearches.elasticsearch.k8s.elastic.co spec: additionalPrinterColumns: - - JSONPath: .status.health - name: health + - name: health type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes + JSONPath: .status.health + - name: nodes type: integer - - JSONPath: .spec.version - description: Elasticsearch version - name: version + JSONPath: .status.availableNodes + description: Available nodes + - name: version type: string - - JSONPath: .status.phase - name: phase + JSONPath: .spec.version + description: Elasticsearch version + - name: phase type: string - - JSONPath: .metadata.creationTimestamp - name: age + JSONPath: .status.phase + - name: age type: date + JSONPath: .metadata.creationTimestamp group: elasticsearch.k8s.elastic.co names: + kind: Elasticsearch categories: - elastic - kind: Elasticsearch listKind: ElasticsearchList plural: elasticsearches shortNames: 
@@ -716,93 +715,226 @@ spec: cluster. properties: apiVersion: + type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string kind: + type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string metadata: type: object spec: + type: object description: ElasticsearchSpec holds the specification of an Elasticsearch cluster. properties: + updateStrategy: + type: object + description: UpdateStrategy specifies how updates to the cluster should + be performed. + properties: + changeBudget: + type: object + description: ChangeBudget defines the constraints to consider when + applying changes to the Elasticsearch cluster. + properties: + maxSurge: + type: integer + description: MaxSurge is the maximum number of new pods that + can be created exceeding the original number of pods defined + in the specification. MaxSurge is only taken into consideration + when scaling up. Setting a negative value will disable the + restriction. Defaults to unbounded if not specified. + format: int32 + maxUnavailable: + type: integer + description: MaxUnavailable is the maximum number of pods that + can be unavailable (not ready) during the update due to circumstances + under the control of the operator. Setting a negative value + will disable this restriction. Defaults to 1 if not specified. + format: int32 + serviceAccountName: + type: string + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. 
a remote Elasticsearch cluster) in a different + namespace. Can only be used if ECK is enforcing RBAC on references. + image: + type: string + description: Image is the Elasticsearch Docker image to deploy. auth: + type: object description: Auth contains user authentication and authorization security settings for Elasticsearch. properties: fileRealm: + type: array description: FileRealm to propagate to the Elasticsearch cluster. items: + type: object description: FileRealmSource references users to create in the Elasticsearch cluster. properties: secretName: - description: SecretName is the name of the secret. type: string - type: object - type: array + description: SecretName is the name of the secret. roles: + type: array description: Roles to propagate to the Elasticsearch cluster. items: + type: object description: RoleSource references roles to create in the Elasticsearch cluster. properties: secretName: - description: SecretName is the name of the secret. type: string - type: object - type: array - type: object + description: SecretName is the name of the secret. http: + type: object description: HTTP holds HTTP layer settings for Elasticsearch. properties: service: + type: object description: Service defines the template for the associated Kubernetes Service object. properties: metadata: + type: object description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. - type: object spec: + type: object description: Spec is the specification of the service. properties: - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly by the master. If an - address is specified manually and is not in use by others, - it will be allocated to the service; otherwise, creation - of the service will fail. This field can not be changed - through updates. Valid values are "None", empty string - (""), or a valid IP address. 
"None" can be specified for - headless services when proxying is not required. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: type: string - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ExternalName" + maps to the specified externalName. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object. If clusterIP is "None", no virtual IP is allocated + and the endpoints are published as a set of endpoints + rather than a stable IP. "NodePort" builds on ClusterIP + and allocates a port on every node which routes to the + clusterIP. "LoadBalancer" builds on NodePort and creates + an external load-balancer (if supported in the current + cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + selector: + type: object + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + ports: + type: array + description: 'The list of ports that are exposed by this + service. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + type: object + description: ServicePort contains information on service's + port. + properties: + name: + type: string + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + protocol: + type: string + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + port: + type: integer + description: The port that will be exposed by this + service. + format: int32 + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + nodePort: + type: integer + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, it + will be allocated to the service if unused or else + creation of the service will fail. Default is to + auto-allocate a port if the ServiceType of this + Service requires one. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + required: + - port + clusterIP: + type: string + description: 'clusterIP is the IP address of the service + and is usually assigned randomly by the master. If an + address is specified manually and is not in use by others, + it will be allocated to the service; otherwise, creation + of the service will fail. This field can not be changed + through updates. Valid values are "None", empty string + (""), or a valid IP address. "None" can be specified for + headless services when proxying is not required. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + externalIPs: + type: array + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. items: type: string + loadBalancerIP: + type: string + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + loadBalancerSourceRanges: type: array + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." 
More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string externalName: + type: string description: externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName. - type: string externalTrafficPolicy: + type: string description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and @@ -811,8 +943,14 @@ spec: "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + sessionAffinity: type: string + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' healthCheckNodePort: + type: integer description: healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated @@ -820,8 +958,8 @@ spec: by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local. format: int32 - type: integer ipFamily: + type: string description: ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP 
@@ -835,77 +973,8 @@ spec: Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. If specified, it - will be allocated to the service if unused or else - creation of the service will fail. Default is to - auto-allocate a port if the ServiceType of this - Service requires one. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port - type: object - type: array publishNotReadyAddresses: + type: boolean description: publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. 
@@ -913,41 +982,25 @@ spec: this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string sessionAffinityConfig: + type: object description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: + type: object description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: + type: integer description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 - type: integer - type: object - type: object topologyKeys: + type: array description: topologyKeys is a preference-order list of topology keys which implementations of services should use to preferentially sort endpoints when accessing this 
@@ -964,29 +1017,12 @@ spec: constraints will be applied. items: type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ExternalName" - maps to the specified externalName. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object. If clusterIP is "None", no virtual IP is allocated - and the endpoints are published as a set of endpoints - rather than a stable IP. "NodePort" builds on ClusterIP - and allocates a port on every node which routes to the - clusterIP. "LoadBalancer" builds on NodePort and creates - an external load-balancer (if supported in the current - cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object tls: + type: object description: TLS defines options for configuring TLS for HTTP. properties: certificate: + type: object description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n 
@@ -995,65 +1031,49 @@ spec: to the first certificate in the certificate chain." properties: secretName: - description: SecretName is the name of the secret. type: string - type: object + description: SecretName is the name of the secret. selfSignedCertificate: + type: object description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. properties: disabled: + type: boolean description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. - type: boolean subjectAltNames: + type: array description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. items: + type: object description: SubjectAlternativeName represents a SAN entry in a x509 certificate. properties: dns: - description: DNS is the DNS name of the subject. type: string + description: DNS is the DNS name of the subject. ip: - description: IP is the IP address of the subject. type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Elasticsearch Docker image to deploy. - type: string + description: IP is the IP address of the subject. nodeSets: + type: array description: NodeSets allow specifying groups of Elasticsearch nodes sharing the same configuration and Pod templates. items: + type: object description: NodeSet is the specification for a group of Elasticsearch nodes sharing the same configuration and a Pod template. properties: - config: - description: Config holds the Elasticsearch configuration. - type: object - count: - description: Count of Elasticsearch nodes to deploy. - format: int32 - minimum: 1 - type: integer name: + type: string description: Name of this set of nodes. Becomes a part of the Elasticsearch node.name setting. 
maxLength: 23 pattern: '[a-zA-Z0-9-]+' - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, - annotations, affinity rules, resource requests, and so on) for - the Pods belonging to this NodeSet. - type: object volumeClaimTemplates: + type: array description: VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet. Every claim in this list must have a matching volumeMount in one of the containers 
@@ -1061,112 +1081,56 @@ spec: over any default claims added by the operator with the same name. items: + type: object description: PersistentVolumeClaim is a user's request for and claim to a persistent volume properties: apiVersion: + type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string kind: + type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' type: object + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' spec: + type: object description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: - accessModes: - description: 'AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: This field requires the VolumeSnapshotDataSource - alpha feature gate to be enabled and currently VolumeSnapshot - is the only supported data source. 
If the provisioner - can support VolumeSnapshot data source, it will create - a new volume and data will be restored to the volume - at the same time. If the provisioner does not support - VolumeSnapshot data source, volume will not be created - and the failure will be reported as an event. In the - future, we plan to support more data source types - and the behavior of the provisioner may change. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - resources: - description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object selector: + type: object description: A label query over volumes to consider for binding. properties: matchExpressions: + type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: + type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: + type: string description: key is the label key that the selector applies to. - type: string operator: + type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string values: + type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the @@ -1175,13 +1139,11 @@ spec: replaced during a strategic merge patch. items: type: string - type: array required: - key - operator - type: object - type: array matchLabels: + type: object additionalProperties: type: string description: matchLabels is a map of {key,value} 
@@ -1190,33 +1152,94 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + resources: + type: object + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + type: object + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + requests: type: object + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + accessModes: + type: array + description: 'AccessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + dataSource: type: object + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume + at the same time. 
If the provisioner does not support + VolumeSnapshot data source, volume will not be created + and the failure will be reported as an event. In the + future, we plan to support more data source types + and the behavior of the provisioner may change. + properties: + name: + type: string + description: Name is the name of resource being + referenced + kind: + type: string + description: Kind is the type of resource being + referenced + apiGroup: + type: string + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + required: + - kind + - name storageClassName: + type: string description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string volumeMode: + type: string description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature. - type: string volumeName: + type: string description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - type: object status: + type: object description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: + type: array description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string - type: array capacity: + type: object additionalProperties: anyOf: - type: integer 
@@ -1224,111 +1247,106 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ description: Represents the actual resources of the underlying volume. - type: object conditions: + type: array description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: + type: object description: PersistentVolumeClaimCondition contails details about state of pvc properties: + type: + type: string + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + status: + type: string lastProbeTime: + type: string description: Last time we probed the condition. format: date-time - type: string lastTransitionTime: + type: string description: Last time the condition transitioned from one status to another. format: date-time - type: string message: + type: string description: Human-readable message indicating details about last transition. - type: string reason: + type: string description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string required: - status - type - type: object - type: array phase: - description: Phase represents the current phase of PersistentVolumeClaim. type: string - type: object - type: object - type: array + description: Phase represents the current phase of PersistentVolumeClaim. + config: + type: object + description: Config holds the Elasticsearch configuration. + count: + type: integer + description: Count of Elasticsearch nodes to deploy. 
+ format: int32 + minimum: 1 + podTemplate: + type: object + description: PodTemplate provides customisation options (labels, + annotations, affinity rules, resource requests, and so on) for + the Pods belonging to this NodeSet. required: - count - name - type: object minItems: 1 - type: array podDisruptionBudget: + type: object description: PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster. The default budget selects all cluster pods and sets `maxUnavailable` to 1. To disable, set `PodDisruptionBudget` to the empty value (`{}` in YAML). properties: metadata: + type: object description: ObjectMeta is the metadata of the PDB. The name and namespace provided here are managed by ECK and will be ignored. - type: object spec: + type: object description: Spec is the specification of the PDB. properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the eviction, - i.e. even in absence of the evicted pod. For example, one - can prevent all voluntary evictions by specifying 0. This - is a mutually exclusive setting with "minAvailable". - minAvailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after - the eviction, i.e. even in the absence of the evicted pod. So - for example you can prevent all voluntary evictions by specifying - "100%". selector: + type: object description: Label query over pods whose evictions are managed by the disruption budget. properties: matchExpressions: + type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: + type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
properties: key: + type: string description: key is the label key that the selector applies to. - type: string operator: + type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string values: + type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or @@ -1336,13 +1354,11 @@ spec: array is replaced during a strategic merge patch. items: type: string - type: array required: - key - operator - type: object - type: array matchLabels: + type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. 
@@ -1350,98 +1366,189 @@ spec: to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: object - type: object - remoteClusters: - description: RemoteClusters enables you to establish uni-directional + maxUnavailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at most "maxUnavailable" + pods selected by "selector" are unavailable after the eviction, + i.e. even in absence of the evicted pod. For example, one + can prevent all voluntary evictions by specifying 0. This + is a mutually exclusive setting with "minAvailable". + minAvailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at least "minAvailable" + pods selected by "selector" will still be available after + the eviction, i.e. even in the absence of the evicted pod. So + for example you can prevent all voluntary evictions by specifying + "100%". + remoteClusters: + type: array + description: RemoteClusters enables you to establish uni-directional connections to a remote Elasticsearch cluster. items: + type: object description: RemoteCluster declares a remote Elasticsearch cluster connection. properties: + name: + type: string + description: Name is the name of the remote cluster as it is set + in the Elasticsearch settings. The name is expected to be unique + for each remote clusters. + minLength: 1 elasticsearchRef: + type: object description: ElasticsearchRef is a reference to an Elasticsearch cluster running within the same k8s cluster. properties: name: - description: Name of the Kubernetes object. type: string + description: Name of the Kubernetes object. namespace: + type: string description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. 
- type: string required: - name - type: object - name: - description: Name is the name of the remote cluster as it is set - in the Elasticsearch settings. The name is expected to be unique - for each remote clusters. - minLength: 1 - type: string required: - name - type: object - type: array secureSettings: + type: array description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Elasticsearch. items: + type: object description: SecretSource defines a data source based on a Kubernetes Secret. properties: entries: + type: array description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. items: + type: object description: KeyToPath defines how to map a key in a Secret object to a filesystem path. properties: key: - description: Key is the key contained in the secret. type: string + description: Key is the key contained in the secret. path: + type: string description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. - type: string required: - key - type: object - type: array secretName: - description: SecretName is the name of the secret. type: string + description: SecretName is the name of the secret. required: - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. a remote Elasticsearch cluster) in a different - namespace. Can only be used if ECK is enforcing RBAC on references. - type: string transport: + type: object description: Transport holds transport layer settings for Elasticsearch. 
properties: service: + type: object description: Service defines the template for the associated Kubernetes Service object. properties: metadata: + type: object description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. - type: object spec: + type: object description: Spec is the specification of the service. properties: + type: + type: string + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ExternalName" + maps to the specified externalName. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object. If clusterIP is "None", no virtual IP is allocated + and the endpoints are published as a set of endpoints + rather than a stable IP. "NodePort" builds on ClusterIP + and allocates a port on every node which routes to the + clusterIP. "LoadBalancer" builds on NodePort and creates + an external load-balancer (if supported in the current + cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + selector: + type: object + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + ports: + type: array + description: 'The list of ports that are exposed by this + service. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + type: object + description: ServicePort contains information on service's + port. + properties: + name: + type: string + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + protocol: + type: string + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + port: + type: integer + description: The port that will be exposed by this + service. + format: int32 + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + nodePort: + type: integer + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, it + will be allocated to the service if unused or else + creation of the service will fail. Default is to + auto-allocate a port if the ServiceType of this + Service requires one. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + required: + - port clusterIP: + type: string description: 'clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, @@ -1452,8 +1559,8 @@ spec: headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string externalIPs: + type: array description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The 
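Review bot: `serviceAccountName` is deleted from the Elasticsearch `spec` properties in this hunk (between `secureSettings` and `transport`) and is not re-added anywhere in it; the later hunk `@@ -1581,124 +1642,62 @@` does the same to `updateStrategy` and its `changeBudget` limits. The EnterpriseSearch CRD further down re-adds `serviceAccountName` at the top of its `spec`, so both fields were probably moved to a part of this CRD outside the visible hunks, but that cannot be confirmed from here. The file carries a controller-gen annotation and nearly every key has been reordered, so a dropped or altered schema field is very hard to spot by eye. I would verify the change with an order-insensitive comparison of the parsed old and new documents, and record the provenance in a header comment such as `# Source: <upstream ECK release URL>; keys re-sorted locally, schema unchanged`.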
@@ -1462,15 +1569,32 @@ spec: load-balancers that are not part of the Kubernetes system. items: type: string + loadBalancerIP: + type: string + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + loadBalancerSourceRanges: type: array + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string externalName: + type: string description: externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName. - type: string externalTrafficPolicy: + type: string description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and 
@@ -1479,8 +1603,14 @@ spec: "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + sessionAffinity: type: string + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' healthCheckNodePort: + type: integer description: healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated @@ -1488,8 +1618,8 @@ spec: by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local. format: int32 - type: integer ipFamily: + type: string description: ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP 
@@ -1503,77 +1633,8 @@ spec: Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. If specified, it - will be allocated to the service if unused or else - creation of the service will fail. Default is to - auto-allocate a port if the ServiceType of this - Service requires one. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port - type: object - type: array publishNotReadyAddresses: + type: boolean description: publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. 
@@ -1581,124 +1642,62 @@ spec: this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string sessionAffinityConfig: + type: object description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: + type: object description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: + type: integer description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 - type: integer - type: object - type: object topologyKeys: + type: array description: topologyKeys is a preference-order list of topology keys which implementations of services should use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. 
If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ExternalName" - maps to the specified externalName. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object. If clusterIP is "None", no virtual IP is allocated - and the endpoints are published as a set of endpoints - rather than a stable IP. "NodePort" builds on ClusterIP - and allocates a port on every node which routes to the - clusterIP. "LoadBalancer" builds on NodePort and creates - an external load-balancer (if supported in the current - cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - type: object - updateStrategy: - description: UpdateStrategy specifies how updates to the cluster should - be performed. - properties: - changeBudget: - description: ChangeBudget defines the constraints to consider when - applying changes to the Elasticsearch cluster. - properties: - maxSurge: - description: MaxSurge is the maximum number of new pods that - can be created exceeding the original number of pods defined - in the specification. MaxSurge is only taken into consideration - when scaling up. Setting a negative value will disable the - restriction. 
Defaults to unbounded if not specified. - format: int32 - type: integer - maxUnavailable: - description: MaxUnavailable is the maximum number of pods that - can be unavailable (not ready) during the update due to circumstances - under the control of the operator. Setting a negative value - will disable this restriction. Defaults to 1 if not specified. - format: int32 - type: integer - type: object - type: object + Service, it can not be used at the same time as externalTrafficPolicy=Local. + Topology keys must be valid label keys and at most 16 + keys may be specified. Endpoints are chosen based on the + first topology key with available backends. If this field + is specified and all entries have no backends that match + the topology of the client, the service has no backends + for that client and connections should fail. The special + value "*" may be used to mean "any topology". This catch-all + value, if used, only makes sense as the last value in + the list. If this is not specified or empty, no topology + constraints will be applied. + items: + type: string version: - description: Version of Elasticsearch. type: string + description: Version of Elasticsearch. required: - nodeSets - version - type: object status: + type: object description: ElasticsearchStatus defines the observed state of Elasticsearch properties: availableNodes: - format: int32 type: integer + format: int32 health: + type: string description: ElasticsearchHealth is the health of the cluster as returned by the health API. - type: string phase: + type: string description: ElasticsearchOrchestrationPhase is the phase Elasticsearch is in from the controller point of view. - type: string - type: object version: v1 versions: - name: v1 
@@ -1720,31 +1719,31 @@ status: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + name: enterprisesearches.enterprisesearch.k8s.elastic.co annotations: controller-gen.kubebuilder.io/version: v0.2.5 creationTimestamp: null - name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: additionalPrinterColumns: - - JSONPath: .status.health - name: health + - name: health type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes + JSONPath: .status.health + - name: nodes type: integer - - JSONPath: .spec.version - description: Enterprise Search version - name: version + JSONPath: .status.availableNodes + description: Available nodes + - name: version type: string - - JSONPath: .metadata.creationTimestamp - name: age + JSONPath: .spec.version + description: Enterprise Search version + - name: age type: date + JSONPath: .metadata.creationTimestamp group: enterprisesearch.k8s.elastic.co names: + kind: EnterpriseSearch categories: - elastic - kind: EnterpriseSearch listKind: EnterpriseSearchList plural: enterprisesearches shortNames: 
@@ -1758,182 +1757,132 @@ spec: description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search. properties: apiVersion: + type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string kind: + type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string metadata: type: object spec: + type: object description: EnterpriseSearchSpec holds the specification of an Enterprise Search resource. properties: + serviceAccountName: + type: string + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + image: + type: string + description: Image is the Enterprise Search Docker image to deploy. config: - description: Config holds the Enterprise Search configuration. type: object + description: Config holds the Enterprise Search configuration. configRef: + type: object description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration. Configuration settings are merged and have precedence over settings specified in `config`. properties: secretName: - description: SecretName is the name of the secret. type: string - type: object + description: SecretName is the name of the secret. count: + type: integer description: Count of Enterprise Search instances to deploy. 
format: int32 - type: integer elasticsearchRef: + type: object description: ElasticsearchRef is a reference to the Elasticsearch cluster running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. type: string + description: Name of the Kubernetes object. namespace: + type: string description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. - type: string required: - name - type: object http: + type: object description: HTTP holds the HTTP layer configuration for Enterprise Search resource. properties: service: + type: object description: Service defines the template for the associated Kubernetes Service object. properties: metadata: + type: object description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. - type: object spec: + type: object description: Spec is the specification of the service. properties: - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly by the master. If an - address is specified manually and is not in use by others, - it will be allocated to the service; otherwise, creation - of the service will fail. This field can not be changed - through updates. Valid values are "None", empty string - (""), or a valid IP address. "None" can be specified for - headless services when proxying is not required. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. 
A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - kubedns or equivalent will return as a CNAME record for - this service. No proxying will be involved. Must be a - valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be ExternalName. - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. If not specified, HealthCheckNodePort - is created by the service api backend with the allocated - nodePort. Will use user-specified nodePort value if specified - by the client. Only effects when Type is set to LoadBalancer - and ExternalTrafficPolicy is set to Local. - format: int32 - type: integer - ipFamily: - description: ipFamily specifies whether this Service has - a preference for a particular IP family (e.g. IPv4 vs. - IPv6). If a specific IP family is requested, the clusterIP - field will be allocated from that family, if it is available - in the cluster. If no IP family is requested, the cluster's - primary IP family will be used. Other IP fields (loadBalancerIP, - loadBalancerSourceRanges, externalIPs) and controllers - which allocate external load-balancers should use the - same IP family. Endpoints for this Service will be of - this family. This field is immutable after creation. - Assigning a ServiceIPFamily not available in the cluster - (e.g. 
IPv6 in IPv4 only cluster) is an error condition - and will fail during clusterIP assignment. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' + type: type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ExternalName" + maps to the specified externalName. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object. If clusterIP is "None", no virtual IP is allocated + and the endpoints are published as a set of endpoints + rather than a stable IP. "NodePort" builds on ClusterIP + and allocates a port on every node which routes to the + clusterIP. "LoadBalancer" builds on NodePort and creates + an external load-balancer (if supported in the current + cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + selector: + type: object + additionalProperties: type: string - type: array + description: 'Route service traffic to pods with label keys + and values matching this selector. 
If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' ports: + type: array description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' items: + type: object description: ServicePort contains information on service's port. properties: name: + type: string description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + protocol: type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. If specified, it - will be allocated to the service if unused or else - creation of the service will fail. Default is to - auto-allocate a port if the ServiceType of this - Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. port: + type: integer description: The port that will be exposed by this service. format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string targetPort: anyOf: - type: integer 
@@ -1948,11 +1897,106 @@ spec: for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + nodePort: + type: integer + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, it + will be allocated to the service if unused or else + creation of the service will fail. Default is to + auto-allocate a port if the ServiceType of this + Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 required: - port - type: object + clusterIP: + type: string + description: 'clusterIP is the IP address of the service + and is usually assigned randomly by the master. If an + address is specified manually and is not in use by others, + it will be allocated to the service; otherwise, creation + of the service will fail. This field can not be changed + through updates. Valid values are "None", empty string + (""), or a valid IP address. "None" can be specified for + headless services when proxying is not required. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + externalIPs: + type: array + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + loadBalancerIP: + type: string + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. 
This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + loadBalancerSourceRanges: type: array + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + externalName: + type: string + description: externalName is the external reference that + kubedns or equivalent will return as a CNAME record for + this service. No proxying will be involved. Must be a + valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires Type to be ExternalName. + externalTrafficPolicy: + type: string + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + sessionAffinity: + type: string + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + healthCheckNodePort: + type: integer + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. If not specified, HealthCheckNodePort + is created by the service api backend with the allocated + nodePort. 
Will use user-specified nodePort value if specified + by the client. Only effects when Type is set to LoadBalancer + and ExternalTrafficPolicy is set to Local. + format: int32 + ipFamily: + type: string + description: ipFamily specifies whether this Service has + a preference for a particular IP family (e.g. IPv4 vs. + IPv6). If a specific IP family is requested, the clusterIP + field will be allocated from that family, if it is available + in the cluster. If no IP family is requested, the cluster's + primary IP family will be used. Other IP fields (loadBalancerIP, + loadBalancerSourceRanges, externalIPs) and controllers + which allocate external load-balancers should use the + same IP family. Endpoints for this Service will be of + this family. This field is immutable after creation. + Assigning a ServiceIPFamily not available in the cluster + (e.g. IPv6 in IPv4 only cluster) is an error condition + and will fail during clusterIP assignment. publishNotReadyAddresses: + type: boolean description: publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. 
@@ -1960,41 +2004,25 @@ spec: this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string sessionAffinityConfig: + type: object description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: + type: object description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: + type: integer description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 - type: integer - type: object - type: object topologyKeys: + type: array description: topologyKeys is a preference-order list of topology keys which implementations of services should use to preferentially sort endpoints when accessing this 
@@ -2011,29 +2039,12 @@ spec: constraints will be applied. items: type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ExternalName" - maps to the specified externalName. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object. If clusterIP is "None", no virtual IP is allocated - and the endpoints are published as a set of endpoints - rather than a stable IP. "NodePort" builds on ClusterIP - and allocates a port on every node which routes to the - clusterIP. "LoadBalancer" builds on NodePort and creates - an external load-balancer (if supported in the current - cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object tls: + type: object description: TLS defines options for configuring TLS for HTTP. properties: certificate: + type: object description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n 
@@ -2042,71 +2053,59 @@ spec: to the first certificate in the certificate chain." properties: secretName: - description: SecretName is the name of the secret. type: string - type: object + description: SecretName is the name of the secret. selfSignedCertificate: + type: object description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. properties: disabled: + type: boolean description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. - type: boolean subjectAltNames: + type: array description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. items: + type: object description: SubjectAlternativeName represents a SAN entry in a x509 certificate. properties: dns: - description: DNS is the DNS name of the subject. type: string + description: DNS is the DNS name of the subject. ip: - description: IP is the IP address of the subject. type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Enterprise Search Docker image to deploy. - type: string + description: IP is the IP address of the subject. podTemplate: + type: object description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Enterprise Search pods. - type: object - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string version: - description: Version of Enterprise Search. type: string - type: object + description: Version of Enterprise Search. 
status: + type: object description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch properties: + service: + type: string + description: ExternalService is the name of the service associated to + the Enterprise Search Pods. associationStatus: + type: string description: Association is the status of any auto-linking to Elasticsearch clusters. - type: string availableNodes: - format: int32 type: integer + format: int32 health: + type: string description: EnterpriseSearchHealth expresses the health of the Enterprise Search instances. - type: string - service: - description: ExternalService is the name of the service associated to - the Enterprise Search Pods. - type: string - type: object version: v1beta1 versions: - name: v1beta1 @@ -2122,31 +2121,31 @@ status: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + name: kibanas.kibana.k8s.elastic.co annotations: controller-gen.kubebuilder.io/version: v0.2.5 creationTimestamp: null - name: kibanas.kibana.k8s.elastic.co spec: additionalPrinterColumns: - - JSONPath: .status.health - name: health + - name: health type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes + JSONPath: .status.health + - name: nodes type: integer - - JSONPath: .spec.version - description: Kibana version - name: version + JSONPath: .status.availableNodes + description: Available nodes + - name: version type: string - - JSONPath: .metadata.creationTimestamp - name: age + JSONPath: .spec.version + description: Kibana version + - name: age type: date + JSONPath: .metadata.creationTimestamp group: kibana.k8s.elastic.co names: + kind: Kibana categories: - elastic - kind: Kibana listKind: KibanaList plural: kibanas shortNames: 
@@ -2160,57 +2159,148 @@ spec: description: Kibana represents a Kibana resource in a Kubernetes cluster. properties: apiVersion: + type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string kind: + type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string metadata: type: object spec: + type: object description: KibanaSpec holds the specification of a Kibana instance. properties: + serviceAccountName: + type: string + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + image: + type: string + description: Image is the Kibana Docker image to deploy. config: - description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' type: object + description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' count: + type: integer description: Count of Kibana instances to deploy. format: int32 - type: integer elasticsearchRef: + type: object description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. type: string + description: Name of the Kubernetes object. namespace: + type: string description: Namespace of the Kubernetes object. 
If empty, defaults to the current namespace. - type: string required: - name - type: object http: + type: object description: HTTP holds the HTTP layer configuration for Kibana. properties: service: + type: object description: Service defines the template for the associated Kubernetes Service object. properties: metadata: + type: object description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. - type: object spec: + type: object description: Spec is the specification of the service. properties: + type: + type: string + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ExternalName" + maps to the specified externalName. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object. If clusterIP is "None", no virtual IP is allocated + and the endpoints are published as a set of endpoints + rather than a stable IP. "NodePort" builds on ClusterIP + and allocates a port on every node which routes to the + clusterIP. "LoadBalancer" builds on NodePort and creates + an external load-balancer (if supported in the current + cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + selector: + type: object + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/' + ports: + type: array + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + type: object + description: ServicePort contains information on service's + port. + properties: + name: + type: string + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + protocol: + type: string + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + port: + type: integer + description: The port that will be exposed by this + service. + format: int32 + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + nodePort: + type: integer + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, it + will be allocated to the service if unused or else + creation of the service will fail. Default is to + auto-allocate a port if the ServiceType of this + Service requires one. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + required: + - port clusterIP: + type: string description: 'clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, @@ -2221,8 +2311,8 @@ spec: headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string externalIPs: + type: array description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The 
@@ -2231,15 +2321,32 @@ spec: load-balancers that are not part of the Kubernetes system. items: type: string + loadBalancerIP: + type: string + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + loadBalancerSourceRanges: type: array + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string externalName: + type: string description: externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName. - type: string externalTrafficPolicy: + type: string description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and 
@@ -2248,8 +2355,14 @@ spec: "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + sessionAffinity: type: string + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' healthCheckNodePort: + type: integer description: healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated @@ -2257,8 +2370,8 @@ spec: by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local. format: int32 - type: integer ipFamily: + type: string description: ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP 
@@ -2272,77 +2385,8 @@ spec: Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. If specified, it - will be allocated to the service if unused or else - creation of the service will fail. Default is to - auto-allocate a port if the ServiceType of this - Service requires one. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port - type: object - type: array publishNotReadyAddresses: + type: boolean description: publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. 
@@ -2350,41 +2394,25 @@ spec: this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string sessionAffinityConfig: + type: object description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: + type: object description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: + type: integer description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 - type: integer - type: object - type: object topologyKeys: + type: array description: topologyKeys is a preference-order list of topology keys which implementations of services should use to preferentially sort endpoints when accessing this 
@@ -2401,29 +2429,12 @@ spec: constraints will be applied. items: type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ExternalName" - maps to the specified externalName. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object. If clusterIP is "None", no virtual IP is allocated - and the endpoints are published as a set of endpoints - rather than a stable IP. "NodePort" builds on ClusterIP - and allocates a port on every node which routes to the - clusterIP. "LoadBalancer" builds on NodePort and creates - an external load-balancer (if supported in the current - cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object tls: + type: object description: TLS defines options for configuring TLS for HTTP. properties: certificate: + type: object description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n 
@@ -2432,102 +2443,90 @@ spec: to the first certificate in the certificate chain." properties: secretName: - description: SecretName is the name of the secret. type: string - type: object + description: SecretName is the name of the secret. selfSignedCertificate: + type: object description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. properties: disabled: + type: boolean description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. - type: boolean subjectAltNames: + type: array description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. items: + type: object description: SubjectAlternativeName represents a SAN entry in a x509 certificate. properties: dns: - description: DNS is the DNS name of the subject. type: string + description: DNS is the DNS name of the subject. ip: - description: IP is the IP address of the subject. type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Kibana Docker image to deploy. - type: string + description: IP is the IP address of the subject. podTemplate: + type: object description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Kibana pods - type: object secureSettings: + type: array description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Kibana. items: + type: object description: SecretSource defines a data source based on a Kubernetes Secret. properties: entries: + type: array description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. 
items: + type: object description: KeyToPath defines how to map a key in a Secret object to a filesystem path. properties: key: - description: Key is the key contained in the secret. type: string + description: Key is the key contained in the secret. path: + type: string description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. - type: string required: - key - type: object - type: array secretName: - description: SecretName is the name of the secret. type: string + description: SecretName is the name of the secret. required: - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string version: - description: Version of Kibana. type: string + description: Version of Kibana. required: - version - type: object status: + type: object description: KibanaStatus defines the observed state of Kibana properties: associationStatus: - description: AssociationStatus is the status of an association resource. type: string + description: AssociationStatus is the status of an association resource. availableNodes: - format: int32 type: integer + format: int32 health: - description: KibanaHealth expresses the status of the Kibana instances. type: string - type: object + description: KibanaHealth expresses the status of the Kibana instances. version: v1 versions: - name: v1 @@ -2545,7 +2544,6 @@ status: plural: "" conditions: [] storedVersions: [] - --- # Source: eck/templates/namespace.yaml apiVersion: v1 
@@ -2573,15 +2571,13 @@ kind: ClusterRole metadata: name: elastic-operator rules: -- apiGroups: - - "authorization.k8s.io" - resources: +- resources: - subjectaccessreviews + apiGroups: + - "authorization.k8s.io" verbs: - create -- apiGroups: - - "" - resources: +- resources: - pods - endpoints - events @@ -2590,6 +2586,8 @@ rules: - services - configmaps - serviceaccounts + apiGroups: + - "" verbs: - get - list @@ -2598,12 +2596,12 @@ rules: - update - patch - delete -- apiGroups: - - apps - resources: +- resources: - deployments - statefulsets - daemonsets + apiGroups: + - apps verbs: - get - list @@ -2612,10 +2610,10 @@ rules: - update - patch - delete -- apiGroups: - - policy - resources: +- resources: - poddisruptionbudgets + apiGroups: + - policy verbs: - get - list @@ -2624,14 +2622,14 @@ rules: - update - patch - delete -- apiGroups: - - elasticsearch.k8s.elastic.co - resources: +- resources: - elasticsearches - elasticsearches/status - elasticsearches/finalizers - enterpriselicenses - enterpriselicenses/status + apiGroups: + - elasticsearch.k8s.elastic.co verbs: - get - list @@ -2640,12 +2638,12 @@ rules: - update - patch - delete -- apiGroups: - - kibana.k8s.elastic.co - resources: +- resources: - kibanas - kibanas/status - kibanas/finalizers + apiGroups: + - kibana.k8s.elastic.co verbs: - get - list @@ -2654,12 +2652,12 @@ rules: - update - patch - delete -- apiGroups: - - apm.k8s.elastic.co - resources: +- resources: - apmservers - apmservers/status - apmservers/finalizers + apiGroups: + - apm.k8s.elastic.co verbs: - get - list @@ -2668,12 +2666,12 @@ rules: - update - patch - delete -- apiGroups: - - enterprisesearch.k8s.elastic.co - resources: +- resources: - enterprisesearches - enterprisesearches/status - enterprisesearches/finalizers + apiGroups: + - enterprisesearch.k8s.elastic.co verbs: - get - list 
@@ -2682,11 +2680,11 @@ rules: - update - patch - delete -- apiGroups: - - admissionregistration.k8s.io - resources: +- resources: - mutatingwebhookconfigurations - validatingwebhookconfigurations + apiGroups: + - admissionregistration.k8s.io verbs: - get - list @@ -2695,12 +2693,12 @@ rules: - update - patch - delete -- apiGroups: - - beat.k8s.elastic.co - resources: +- resources: - beats - beats/status - beats/finalizers + apiGroups: + - beat.k8s.elastic.co verbs: - get - list @@ -2716,25 +2714,25 @@ kind: ClusterRole metadata: name: "elastic-operator-view" labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - - apiGroups: ["elasticsearch.k8s.elastic.co"] - resources: ["elasticsearches"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apm.k8s.elastic.co"] - resources: ["apmservers"] - verbs: ["get", "list", "watch"] - - apiGroups: ["kibana.k8s.elastic.co"] - resources: ["kibanas"] - verbs: ["get", "list", "watch"] - - apiGroups: ["enterprisesearch.k8s.elastic.co"] - resources: ["enterprisesearches"] - verbs: ["get", "list", "watch"] - - apiGroups: ["beat.k8s.elastic.co"] - resources: ["beats"] - verbs: ["get", "list", "watch"] +- resources: ["elasticsearches"] + apiGroups: ["elasticsearch.k8s.elastic.co"] + verbs: ["get", "list", "watch"] +- resources: ["apmservers"] + apiGroups: ["apm.k8s.elastic.co"] + verbs: ["get", "list", "watch"] +- resources: ["kibanas"] + apiGroups: ["kibana.k8s.elastic.co"] + verbs: ["get", "list", "watch"] +- resources: ["enterprisesearches"] + apiGroups: ["enterprisesearch.k8s.elastic.co"] + verbs: ["get", "list", "watch"] +- resources: ["beats"] + apiGroups: ["beat.k8s.elastic.co"] + verbs: ["get", "list", "watch"] --- # Source: eck/templates/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -2742,24 +2740,24 @@ kind: ClusterRole metadata: name: "elastic-operator-edit" labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - - apiGroups: ["elasticsearch.k8s.elastic.co"] - resources: ["elasticsearches"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] - - apiGroups: ["apm.k8s.elastic.co"] - resources: ["apmservers"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] - - apiGroups: ["kibana.k8s.elastic.co"] - resources: ["kibanas"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] - - apiGroups: ["enterprisesearch.k8s.elastic.co"] - resources: ["enterprisesearches"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] - - apiGroups: ["beat.k8s.elastic.co"] - resources: ["beats"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] +- resources: ["elasticsearches"] + apiGroups: ["elasticsearch.k8s.elastic.co"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- resources: ["apmservers"] + apiGroups: ["apm.k8s.elastic.co"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- resources: ["kibanas"] + apiGroups: ["kibana.k8s.elastic.co"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- resources: ["enterprisesearches"] + apiGroups: ["enterprisesearch.k8s.elastic.co"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- resources: ["beats"] + apiGroups: ["beat.k8s.elastic.co"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] --- # Source: eck/templates/managed-ns-role-bindings.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -2767,13 +2765,13 @@ kind: ClusterRoleBinding metadata: name: elastic-operator roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole name: elastic-operator + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: elastic-operator +- name: elastic-operator namespace: elastic-system + kind: ServiceAccount --- # Source: eck/templates/operator-role-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -2782,13 +2780,13 @@ metadata: name: elastic-operator namespace: elastic-system roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole name: elastic-operator + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: elastic-operator +- name: elastic-operator namespace: elastic-system + kind: ServiceAccount --- # Source: eck/templates/webhook.yaml apiVersion: v1 @@ -2797,12 +2795,12 @@ metadata: name: elastic-webhook-server namespace: elastic-system spec: - ports: - - name: https - port: 443 - targetPort: 9443 selector: control-plane: elastic-operator + ports: + - name: https + port: 443 + targetPort: 9443 --- # Source: eck/templates/statefulset.yaml apiVersion: apps/v1 
@@ -2816,62 +2814,62 @@ spec: selector: matchLabels: control-plane: elastic-operator - serviceName: elastic-operator template: metadata: + labels: + control-plane: elastic-operator annotations: # Rename the fields "error" to "error.message" and "source" to "event.source" # This is to avoid a conflict with the ECS "error" and "source" documents. "co.elastic.logs/raw": "[{\"type\":\"container\",\"json.keys_under_root\":true,\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]" - labels: - control-plane: elastic-operator spec: terminationGracePeriodSeconds: 10 serviceAccountName: elastic-operator containers: - - image: "docker.elastic.co/eck/eck-operator:1.2.1" - imagePullPolicy: IfNotPresent - name: manager + - name: manager + image: "docker.elastic.co/eck/eck-operator:1.2.1" args: - - "manager" - - "--log-verbosity=0" - - "--metrics-port=0" - - "--container-registry=docker.elastic.co" - - "--max-concurrent-reconciles=3" - - "--ca-cert-validity=8760h" - - "--ca-cert-rotate-before=24h" - - "--cert-validity=8760h" - - "--cert-rotate-before=24h" - - "--enable-webhook" - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_IMAGE - value: "docker.elastic.co/eck/eck-operator:1.2.1" - - name: WEBHOOK_SECRET - value: "elastic-webhook-server-cert" - resources: - limits: - cpu: 1 - memory: 512Mi - requests: - cpu: 100m - memory: 150Mi + - "manager" + - "--log-verbosity=0" + - "--metrics-port=0" + - 
"--container-registry=docker.elastic.co" + - "--max-concurrent-reconciles=3" + - "--ca-cert-validity=8760h" + - "--ca-cert-rotate-before=24h" + - "--cert-validity=8760h" + - "--cert-rotate-before=24h" + - "--enable-webhook" ports: - - containerPort: 9443 - name: https-webhook + - name: https-webhook protocol: TCP + containerPort: 9443 + env: + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_IMAGE + value: "docker.elastic.co/eck/eck-operator:1.2.1" + - name: WEBHOOK_SECRET + value: "elastic-webhook-server-cert" + resources: + limits: + cpu: 1 + memory: 512Mi + requests: + cpu: 100m + memory: 150Mi volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - name: cert - secret: - defaultMode: 420 - secretName: "elastic-webhook-server-cert" + readOnly: true + mountPath: /tmp/k8s-webhook-server/serving-certs + imagePullPolicy: IfNotPresent + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: "elastic-webhook-server-cert" + serviceName: elastic-operator --- # Source: eck/templates/webhook.yaml apiVersion: admissionregistration.k8s.io/v1beta1 
@@ -2879,130 +2877,129 @@ kind: ValidatingWebhookConfiguration metadata: name: elastic-webhook.k8s.elastic.co webhooks: -- clientConfig: - caBundle: Cg== +- name: elastic-apm-validation-v1.k8s.elastic.co + clientConfig: service: name: elastic-webhook-server namespace: elastic-system path: /validate-apm-k8s-elastic-co-v1-apmserver + caBundle: Cg== failurePolicy: Ignore - name: elastic-apm-validation-v1.k8s.elastic.co rules: - - apiGroups: + - resources: + - apmservers + apiGroups: - apm.k8s.elastic.co apiVersions: - v1 operations: - CREATE - UPDATE - resources: - - apmservers -- clientConfig: - caBundle: Cg== +- name: elastic-apm-validation-v1beta1.k8s.elastic.co + clientConfig: service: name: elastic-webhook-server namespace: elastic-system path: /validate-apm-k8s-elastic-co-v1beta1-apmserver + caBundle: Cg== failurePolicy: Ignore - name: elastic-apm-validation-v1beta1.k8s.elastic.co rules: - - apiGroups: + - resources: + - apmservers + apiGroups: - apm.k8s.elastic.co apiVersions: - v1beta1 operations: - CREATE - UPDATE - resources: - - apmservers -- clientConfig: - caBundle: Cg== +- name: elastic-beat-validation-v1beta1.k8s.elastic.co + clientConfig: service: name: elastic-webhook-server namespace: elastic-system path: /validate-beat-k8s-elastic-co-v1beta1-beat + caBundle: Cg== failurePolicy: Ignore - name: elastic-beat-validation-v1beta1.k8s.elastic.co rules: - - apiGroups: + - resources: + - beats + apiGroups: - beat.k8s.elastic.co apiVersions: - v1beta1 operations: - CREATE - UPDATE - resources: - - beats -- clientConfig: - caBundle: Cg== +- name: elastic-es-validation-v1.k8s.elastic.co + clientConfig: service: name: elastic-webhook-server namespace: elastic-system path: /validate-elasticsearch-k8s-elastic-co-v1-elasticsearch + caBundle: Cg== failurePolicy: Ignore - name: elastic-es-validation-v1.k8s.elastic.co rules: - - apiGroups: + - resources: + - elasticsearches + apiGroups: - elasticsearch.k8s.elastic.co apiVersions: - v1 operations: - CREATE - UPDATE - 
resources: - - elasticsearches -- clientConfig: - caBundle: Cg== +- name: elastic-es-validation-v1beta1.k8s.elastic.co + clientConfig: service: name: elastic-webhook-server namespace: elastic-system path: /validate-elasticsearch-k8s-elastic-co-v1beta1-elasticsearch + caBundle: Cg== failurePolicy: Ignore - name: elastic-es-validation-v1beta1.k8s.elastic.co rules: - - apiGroups: + - resources: + - elasticsearches + apiGroups: - elasticsearch.k8s.elastic.co apiVersions: - v1beta1 operations: - CREATE - UPDATE - resources: - - elasticsearches -- clientConfig: - caBundle: Cg== +- name: elastic-kb-validation-v1.k8s.elastic.co + clientConfig: service: name: elastic-webhook-server namespace: elastic-system path: /validate-kibana-k8s-elastic-co-v1-kibana + caBundle: Cg== failurePolicy: Ignore - name: elastic-kb-validation-v1.k8s.elastic.co rules: - - apiGroups: + - resources: + - kibanas + apiGroups: - kibana.k8s.elastic.co apiVersions: - v1 operations: - CREATE - UPDATE - resources: - - kibanas -- clientConfig: - caBundle: Cg== +- name: elastic-kb-validation-v1beta1.k8s.elastic.co + clientConfig: service: name: elastic-webhook-server namespace: elastic-system path: /validate-kibana-k8s-elastic-co-v1beta1-kibana + caBundle: Cg== failurePolicy: Ignore - name: elastic-kb-validation-v1beta1.k8s.elastic.co rules: - - apiGroups: + - resources: + - kibanas + apiGroups: - kibana.k8s.elastic.co apiVersions: - v1beta1 operations: - CREATE - UPDATE - resources: - - kibanas - diff --git a/base/logging/eck-operator/kustomization.yaml b/base/logging/eck-operator/kustomization.yaml index 6729459466ccc2c785d2176a6f5ad9cec226888d..3615a655a3ab3370479d21d9f3d269c3af7b3c8b 100644 --- a/base/logging/eck-operator/kustomization.yaml +++ b/base/logging/eck-operator/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - all-in-one.yaml +- all-in-one.yaml #images: # # TODO: This image doesnt't work yet 
diff --git a/base/logging/efk/elasticsearch.yaml b/base/logging/efk/elasticsearch.yaml index 93605ce628705710f527b038b7a65ae052f94fbb..b5db22e557e8b66a9676902e85d268784a98d1af 100644 --- a/base/logging/efk/elasticsearch.yaml +++ b/base/logging/efk/elasticsearch.yaml 
@@ -3,79 +3,80 @@ kind: Elasticsearch metadata: name: elasticsearch spec: - version: 7.9.2 image: registry1.dsop.io/ironbank/elastic/elasticsearch/elasticsearch:7.9.2 nodeSets: - - name: master - count: 1 - config: - node.master: true - node.data: false - node.ingest: false - node.store.allow_mmap: true - index.store.type: mmapfs - node.ml: false - xpack.ml.enabled: false - xpack.security.authc.token.enabled: true - podTemplate: - metadata: - annotations: - traffic.sidecar.istio.io/excludeOutboundPorts: "9300" - traffic.sidecar.istio.io/excludeInboundPorts: "9300" - fluentbit.io/exclude-istio-proxy: "true" - prometheus.istio.io/merge-metrics: "false" -# spec: -# automountServiceAccountToken: true -# containers: -# - name: elasticsearch -# env: -# - name: ES_JAVA_OPTS -# value: "-Xms1g -Xmx1g" -# resources: -# requests: -# memory: 2Gi -# cpu: 0.5 -# limits: -# memory: 3Gi -# cpu: 2 - - name: data - count: 1 - config: - node.master: false - node.data: true - node.ingest: true - node.store.allow_mmap: true - index.store.type: mmapfs - node.ml: false - xpack.ml.enabled: false - xpack.security.authc.token.enabled: true - podTemplate: - metadata: - annotations: - traffic.sidecar.istio.io/excludeOutboundPorts: "9300" - traffic.sidecar.istio.io/excludeInboundPorts: "9300" - fluentbit.io/exclude-istio-proxy: "true" - prometheus.istio.io/merge-metrics: "false" - spec: - automountServiceAccountToken: true -# containers: -# - name: elasticsearch -# env: -# - name: ES_JAVA_OPTS -# value: "-Xms1g -Xmx1g" -# resources: -# requests: -# memory: 2Gi -# cpu: 0.5 -# limits: -# memory: 3Gi -# cpu: 2 - volumeClaimTemplates: - - metadata: - name: elasticsearch-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi + - name: master + config: + index.store.type: mmapfs + node.data: false + node.ingest: false + node.master: true + node.ml: false + node.store.allow_mmap: true + xpack.ml.enabled: false + xpack.security.authc.token.enabled: true + count: 1 + 
podTemplate: + metadata: + annotations: + fluentbit.io/exclude-istio-proxy: "true" + prometheus.istio.io/merge-metrics: "false" + # spec: + # automountServiceAccountToken: true + # containers: + # - name: elasticsearch + # env: + # - name: ES_JAVA_OPTS + # value: "-Xms1g -Xmx1g" + # resources: + # requests: + # memory: 2Gi + # cpu: 0.5 + # limits: + # memory: 3Gi + # cpu: 2 + + traffic.sidecar.istio.io/excludeInboundPorts: "9300" + traffic.sidecar.istio.io/excludeOutboundPorts: "9300" + - name: data + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + resources: + requests: + storage: 10Gi + accessModes: + - ReadWriteOnce + config: + index.store.type: mmapfs + node.data: true + node.ingest: true + node.master: false + node.ml: false + node.store.allow_mmap: true + xpack.ml.enabled: false + xpack.security.authc.token.enabled: true + count: 1 + podTemplate: + metadata: + annotations: + fluentbit.io/exclude-istio-proxy: "true" + prometheus.istio.io/merge-metrics: "false" + traffic.sidecar.istio.io/excludeInboundPorts: "9300" + traffic.sidecar.istio.io/excludeOutboundPorts: "9300" + spec: + automountServiceAccountToken: true + # containers: + # - name: elasticsearch + # env: + # - name: ES_JAVA_OPTS + # value: "-Xms1g -Xmx1g" + # resources: + # requests: + # memory: 2Gi + # cpu: 0.5 + # limits: + # memory: 3Gi + # cpu: 2 + version: 7.9.2 diff --git a/base/logging/efk/kibana.yaml b/base/logging/efk/kibana.yaml index f8cd7c04ca83f100514d5b602543719069fae91a..f2be2a67e17c515650855bef6db05a8da38eb1f1 100644 --- a/base/logging/efk/kibana.yaml +++ b/base/logging/efk/kibana.yaml @@ -3,7 +3,6 @@ kind: Kibana metadata: name: kibana spec: - version: 7.8.1 count: 1 elasticsearchRef: name: elasticsearch @@ -17,3 +16,4 @@ spec: sidecar.istio.io/rewriteAppHTTPProbers: "true" spec: automountServiceAccountToken: true + version: 7.8.1 
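Review bot: In base/logging/efk/elasticsearch.yaml the key reordering leaves the commented-out `# spec:` template of the `master` nodeSet in the middle of `podTemplate.metadata.annotations`, between `prometheus.istio.io/merge-metrics` and the two `traffic.sidecar.istio.io/exclude*Ports` keys. The parsed document is unchanged, but the block now reads as if it belonged to the annotations map. Anyone uncommenting it in place would presumably nest `spec` under `annotations` rather than under `podTemplate`; indentation is not recoverable from this view, so confirm in the file. I would move the block below the last annotation, or drop it from `master` and keep only the copy under the `data` nodeSet's `spec:`. The two annotations that exclude port 9300 from the sidecar are the ones a reviewer most needs to see, and they now trail a comment block and a blank line.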
diff --git a/base/logging/efk/kustomization.yaml b/base/logging/efk/kustomization.yaml index 207920e533adbc4d2ce2aa56ef8efa06f41d3672..688821840546f5cf2926b16f94d3257ee6c25952 100644 --- a/base/logging/efk/kustomization.yaml +++ b/base/logging/efk/kustomization.yaml @@ -1,4 +1,4 @@ resources: - - namespace.yaml - - elasticsearch.yaml - - kibana.yaml \ No newline at end of file +- namespace.yaml +- elasticsearch.yaml +- kibana.yaml diff --git a/base/logging/efk/namespace.yaml b/base/logging/efk/namespace.yaml index 577de9a400e4c498422f7f7a7a351e3e54db1da4..0adb96e2d8a2ac5cf67a9eeef2ba57fbd9d0d707 100644 --- a/base/logging/efk/namespace.yaml +++ b/base/logging/efk/namespace.yaml @@ -1,7 +1,6 @@ ---- apiVersion: v1 kind: Namespace metadata: name: logging labels: - istio-injection: enabled \ No newline at end of file + istio-injection: enabled diff --git a/base/monitoring/helmrelease.yaml b/base/monitoring/helmrelease.yaml index 9e192b11f90b738f4a3287e01c1b6c0d13d54bde..40476b2ddaf11182500961620ea255f0673b630a 100644 --- a/base/monitoring/helmrelease.yaml +++ b/base/monitoring/helmrelease.yaml 
@@ -1,62 +1,54 @@ ---- apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: monitoring namespace: monitoring spec: - interval: 2m chart: spec: chart: kube-prometheus-stack - version: 10.1.2 + interval: 5m sourceRef: - kind: HelmRepository name: prometheus-community namespace: flux-system - interval: 5m - - valuesFrom: - - kind: ConfigMap - name: env-values - optional: true - - kind: Secret - name: env-values - optional: true - + kind: HelmRepository + version: 10.1.2 + interval: 2m values: + alertmanager: + alertmanagerSpec: + image: + repository: registry1.dsop.io/ironbank/opensource/prometheus/alertmanager + tag: v0.21.0 + enabled: true fullnameOverride: monitoring - global: imagePullSecrets: - - name: private-registry - - prometheusOperator: - enabled: true - manageCrds: true - createCustomResource: true - image: - repository: registry1.dsop.io/ironbank/opensource/coreos/prometheus-operator - tag: v0.42.1 - configmapReloadImage: - repository: registry1.dsop.io/ironbank/opensource/jimmidyson/configmap-reload - tag: v0.4.0 - + - name: private-registry grafana: - enabled: true image: repository: registry1.dsop.io/ironbank/opensource/grafana/grafana tag: 7.1.3-1 - + enabled: true prometheus: enabled: true prometheusSpec: # service port naming conventions portName: http-web - - alertmanager: + prometheusOperator: + image: + repository: registry1.dsop.io/ironbank/opensource/coreos/prometheus-operator + tag: v0.42.1 + configmapReloadImage: + repository: registry1.dsop.io/ironbank/opensource/jimmidyson/configmap-reload + tag: v0.4.0 + createCustomResource: true enabled: true - alertmanagerSpec: - image: - repository: registry1.dsop.io/ironbank/opensource/prometheus/alertmanager - tag: v0.21.0 \ No newline at end of file + manageCrds: true + valuesFrom: + - name: env-values + kind: ConfigMap + optional: true + - name: env-values + kind: Secret + optional: true 
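Review bot: The image references under `values` in base/monitoring/helmrelease.yaml (`alertmanagerSpec.image`, `grafana.image`, `prometheusOperator.image` and `configmapReloadImage`) are pinned by tag only, e.g. `tag: v0.21.0`, so what runs depends on what the registry serves for that tag at pull time. Since the reordering already touches each of these blocks, this is a convenient place to pin by digest as well. These charts appear to accept a `sha` key next to `tag` (to be confirmed against chart 10.1.2), e.g. `sha: <digest-from-registry>`. The same applies to the `image:` of the Elasticsearch resource in base/logging/efk/elasticsearch.yaml, which could carry an `@sha256:<digest>` suffix.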
diff --git a/base/monitoring/kustomization.yaml b/base/monitoring/kustomization.yaml index dfc3bfed1a97d186f9b811de49887c6f1ba95353..daf7b9b7ba001ea887c54c8bb2d13a7a3602d33c 100644 --- a/base/monitoring/kustomization.yaml +++ b/base/monitoring/kustomization.yaml @@ -1,3 +1,3 @@ resources: - - namespace.yaml - - helmrelease.yaml +- namespace.yaml +- helmrelease.yaml diff --git a/base/monitoring/namespace.yaml b/base/monitoring/namespace.yaml index ff7ae1b933828d6ab231cd1bc5576f808c09b5d7..d32523606f28187cc65fbb56387a78011a1e9425 100644 --- a/base/monitoring/namespace.yaml +++ b/base/monitoring/namespace.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: Namespace metadata: diff --git a/instance/cert-manager/helmrelease.yaml b/instance/cert-manager/helmrelease.yaml index cab8c6ed13cb9fb4af54b0b49a8fa0436a547945..2289fadeb8a5f8bcd4a33434df0833d00513fd44 100644 --- a/instance/cert-manager/helmrelease.yaml +++ b/instance/cert-manager/helmrelease.yaml @@ -1,4 +1,3 @@ ---- apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: diff --git a/instance/cert-manager/kustomization.yaml b/instance/cert-manager/kustomization.yaml index e2c98d20f5fa36255b2ce2dbce01c53989a8d808..5b91f7ea4062def7b29d5199cff3a38c78945791 100644 --- a/instance/cert-manager/kustomization.yaml +++ b/instance/cert-manager/kustomization.yaml @@ -1,7 +1,5 @@ namespace: cert-manager - resources: - - ../../base/cert-manager - +- ../../base/cert-manager patchesStrategicMerge: - - helmrelease.yaml \ No newline at end of file +- helmrelease.yaml diff --git a/instance/elastic-system/kustomization.yaml b/instance/elastic-system/kustomization.yaml index e4f861da140570574d116581a8e8c823c8b2cbf7..97adabf2c86341e85c47af4d909d91bd05d5ad11 100644 --- a/instance/elastic-system/kustomization.yaml +++ b/instance/elastic-system/kustomization.yaml @@ -1,4 +1,3 @@ namespace: elastic-system - resources: - ../../base/logging/eck-operator 
diff --git a/instance/flux-system/gitrepositories/kustomization.yaml b/instance/flux-system/gitrepositories/kustomization.yaml index 30ad477d4c91e64511f018f27ec7773b38b6b164..5a94a6ffec7becce812686ac961f1f1fce4c7b8d 100644 --- a/instance/flux-system/gitrepositories/kustomization.yaml +++ b/instance/flux-system/gitrepositories/kustomization.yaml @@ -1,2 +1,2 @@ resources: - - this.yaml \ No newline at end of file +- this.yaml diff --git a/instance/flux-system/gitrepositories/this.yaml b/instance/flux-system/gitrepositories/this.yaml index e92940c221138da5dc6c70a37aad29763e2359d4..daff7fc0a584fd2da7b5100c7ff247928bed0e8e 100644 --- a/instance/flux-system/gitrepositories/this.yaml +++ b/instance/flux-system/gitrepositories/this.yaml @@ -1,17 +1,16 @@ ---- apiVersion: source.toolkit.fluxcd.io/v1beta1 kind: GitRepository metadata: name: this namespace: flux-system spec: - interval: 1m - ref: - branch: $branch - url: $repo ignore: | # exclude all /* # include deploy dirs !/base/ !/instance/ + interval: 1m + ref: + branch: $branch + url: $repo diff --git a/instance/flux-system/kustomization.yaml b/instance/flux-system/kustomization.yaml index 868402cf2f012702e5f7e502732a73ce07d37f86..e45f7ae840c41cf3104951f52a6c3d09b63b8b35 100644 --- a/instance/flux-system/kustomization.yaml +++ b/instance/flux-system/kustomization.yaml @@ -1,7 +1,5 @@ namespace: flux-system - resources: - - ../../base/flux - - # Bootstrapping components - - kustomizations \ No newline at end of file +- ../../base/flux +# Bootstrapping components +- kustomizations diff --git a/instance/flux-system/kustomizations/cert-manager.yaml b/instance/flux-system/kustomizations/cert-manager.yaml index 91b32bf307e160d32c56bf6ffb047a5ef9e19886..41de57ed0f2871d99cac07f29468c7aef3d82449 100644 --- a/instance/flux-system/kustomizations/cert-manager.yaml +++ b/instance/flux-system/kustomizations/cert-manager.yaml 
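Review bot: The GitRepository `this` in instance/flux-system/gitrepositories/this.yaml follows a branch head and has no `verify` block, so Flux reconciles whatever commit `$branch` points at without checking a signature. For the repository that bootstraps the rest of the cluster, that gap is worth closing. I would add `verify:` with `mode: head` and a `secretRef` naming a secret that holds the trusted public keys (name to be chosen, e.g. `<gpg-public-keys-secret>`). Separately, `branch: $branch` and `url: $repo` look like placeholders substituted as text before the file is parsed. If so, quoting them (`branch: "$branch"`, `url: "$repo"`) keeps a value such as `1.0` or `on` from being read as a non-string.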
@@ -3,9 +3,9 @@ kind: Kustomization metadata: name: bigbang-cert-manager spec: - path: './instance/cert-manager' healthChecks: - - kind: HelmRelease - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - name: cert-manager - namespace: cert-manager \ No newline at end of file + - name: cert-manager + namespace: cert-manager + apiVersion: helm.toolkit.fluxcd.io/v2beta1 + kind: HelmRelease + path: './instance/cert-manager' diff --git a/instance/flux-system/kustomizations/flux.yaml b/instance/flux-system/kustomizations/flux.yaml index ca7a2c560a88389a2ec90e0fbd838ed283d0f27d..c73460d02304362502f8b126651fd9e8e4939600 100644 --- a/instance/flux-system/kustomizations/flux.yaml +++ b/instance/flux-system/kustomizations/flux.yaml @@ -3,4 +3,4 @@ kind: Kustomization metadata: name: bigbang-flux spec: - path: './instance/flux-system' \ No newline at end of file + path: './instance/flux-system' diff --git a/instance/flux-system/kustomizations/istio.yaml b/instance/flux-system/kustomizations/istio.yaml index d1a5ae8030fc1ec4ca97f9fab80c43ffcaeb0d29..d1778dfe0dcc977dcf7c270e6786de9cf24d2b70 100644 --- a/instance/flux-system/kustomizations/istio.yaml +++ b/instance/flux-system/kustomizations/istio.yaml @@ -1,23 +1,21 @@ ---- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 kind: Kustomization metadata: name: bigbang-istio-operator spec: path: './instance/istio-operator' - --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 kind: Kustomization metadata: name: bigbang-istio-system spec: - path: './instance/istio-system' dependsOn: - - name: bigbang-istio-operator - namespace: flux-system + - name: bigbang-istio-operator + namespace: flux-system healthChecks: - - kind: Deployment - apiVersion: apps/v1 - name: istiod - namespace: istio-system + - name: istiod + namespace: istio-system + apiVersion: apps/v1 + kind: Deployment + path: './instance/istio-system' 
diff --git a/instance/flux-system/kustomizations/kustomization.yaml b/instance/flux-system/kustomizations/kustomization.yaml index af6d4d2ad19a46778e5b1eef85dd75834c364726..9e2b4aa2cb67b477e1b26ecbbb1f05adc916dbed 100644 --- a/instance/flux-system/kustomizations/kustomization.yaml +++ b/instance/flux-system/kustomizations/kustomization.yaml @@ -1,26 +1,24 @@ namespace: flux-system - resources: - - istio.yaml - - flux.yaml - - cert-manager.yaml - - logging.yaml - - monitoring.yaml - - gatekeeper.yaml - +- istio.yaml +- flux.yaml +- cert-manager.yaml +- logging.yaml +- monitoring.yaml +- gatekeeper.yaml patches: - - target: - kind: Kustomization - group: kustomize.toolkit.fluxcd.io - patch: | - apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 - kind: Kustomization - metadata: - name: bigbang-apps - spec: - interval: 2m - sourceRef: - kind: GitRepository - name: this - prune: true - timeout: 2m \ No newline at end of file +- target: + kind: Kustomization + group: kustomize.toolkit.fluxcd.io + patch: |- + apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 + kind: Kustomization + metadata: + name: bigbang-apps + spec: + interval: 2m + sourceRef: + kind: GitRepository + name: this + prune: true + timeout: 2m diff --git a/instance/flux-system/kustomizations/logging.yaml b/instance/flux-system/kustomizations/logging.yaml index 7f1f5aceac67872830204afbe9f0b78cd4fe8e2a..bdcadc0f1973b9a66c29abddda621b818a816f50 100644 --- a/instance/flux-system/kustomizations/logging.yaml +++ b/instance/flux-system/kustomizations/logging.yaml 
@@ -1,18 +1,16 @@ ---- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 kind: Kustomization metadata: name: bigbang-eck-operator spec: path: './instance/elastic-system' - --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 kind: Kustomization metadata: name: bigbang-logging spec: - path: './instance/logging' dependsOn: - - name: bigbang-istio-system - namespace: flux-system \ No newline at end of file + - name: bigbang-istio-system + namespace: flux-system + path: './instance/logging' diff --git a/instance/flux-system/kustomizations/monitoring.yaml b/instance/flux-system/kustomizations/monitoring.yaml index 5c5b8a29e9d5e5561c4ad79d3e34b96a0ef453b9..5d94e9d1fac909646c51c53ba5b70c8a79d6beee 100644 --- a/instance/flux-system/kustomizations/monitoring.yaml +++ b/instance/flux-system/kustomizations/monitoring.yaml @@ -1,12 +1,11 @@ ---- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 kind: Kustomization metadata: name: bigbang-monitoring spec: - path: './instance/monitoring' healthChecks: - - kind: HelmRelease - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - name: monitoring - namespace: monitoring \ No newline at end of file + - name: monitoring + namespace: monitoring + apiVersion: helm.toolkit.fluxcd.io/v2beta1 + kind: HelmRelease + path: './instance/monitoring' diff --git a/instance/gatekeeper-system/kustomization.yaml b/instance/gatekeeper-system/kustomization.yaml index 2ae266cb3aea47983d249e2e3b605f485938765f..549032098856bd9fbda5e05cf07c35dd38f32966 100644 --- a/instance/gatekeeper-system/kustomization.yaml +++ b/instance/gatekeeper-system/kustomization.yaml @@ -1,4 +1,3 @@ namespace: gatekeeper-system - resources: - - ../../base/gatekeeper \ No newline at end of file +- ../../base/gatekeeper diff --git a/instance/istio-operator/kustomization.yaml b/instance/istio-operator/kustomization.yaml index 8e6cc7b5edb3723afd8c7ce08a7eec195928184e..6cbb4bf3c4e2bb78fa9aff6f485ed718430bc54c 100644 --- a/instance/istio-operator/kustomization.yaml 
+++ b/instance/istio-operator/kustomization.yaml @@ -1,4 +1,3 @@ namespace: istio-operator - resources: - ../../base/istio/istio-operator