diff --git a/README.md b/README.md
index 1dfde24e450e96d7d7507743ce285ec1e0f79f02..b629b19ad3f599429f0c5e13f41af6c9962f51cd 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,51 @@
 # Umbrella
 
-Work in progress umbrella package
\ No newline at end of file
+Work in progress umbrella package
+
+## Directory Structure
+
+```bash
+├── base                                            # common non-env specific
+    ├── cert-manager
+        ├── kustomization.yaml
+        ├── ...
+    ├── flux-system
+        ├── kustomization.yaml
+        ├── ...
+    ├── gatekeeper
+        ├── kustomization.yaml
+        ├── ...
+    ├── istio
+        ├── kustomization.yaml
+        ├── ...
+    ├── logging
+        ├── kustomization.yaml
+        ├── ...
+    ├── monitoring
+        ├── kustomization.yaml
+        ├── ...
+├── aws                                             # assumes running on aws
+    ├── base
+        ├── bootstrap
+            ├── gitrepositories
+            ├── kustomizations
+        ├── cert-manager
+        ├── flux-system
+        ├── gatekeeper
+        ├── istio
+        ├── logging
+        ├── monitoring
+    ├── instance
+├── on-prem                                         # assumes running on-prem
+    ├── base
+        ├── bootstrap
+            ├── sources
+            ├── apps
+    ├── instance
+├── azure                                           # assumes running on azure
+    ├── base
+        ├── bootstrap
+            ├── sources
+            ├── apps
+    ├── instance
+```
\ No newline at end of file
diff --git a/stack/base/cert-manager/cert-manager.yaml b/base/cert-manager/helmrelease.yaml
similarity index 100%
rename from stack/base/cert-manager/cert-manager.yaml
rename to base/cert-manager/helmrelease.yaml
diff --git a/stack/base/gatekeeper/kustomization.yaml b/base/cert-manager/kustomization.yaml
similarity index 60%
rename from stack/base/gatekeeper/kustomization.yaml
rename to base/cert-manager/kustomization.yaml
index 995372751ab93cc8cc3d7e7ccc6c26bede832b82..546c618ad939bfe128be67a9c74cadfee52a8420 100644
--- a/stack/base/gatekeeper/kustomization.yaml
+++ b/base/cert-manager/kustomization.yaml
@@ -1,3 +1,3 @@
 resources:
   - namespace.yaml
-  - gatekeeper.yaml
\ No newline at end of file
+  - helmrelease.yaml
\ No newline at end of file
diff --git a/stack/base/cert-manager/namespace.yaml b/base/cert-manager/namespace.yaml
similarity index 100%
rename from stack/base/cert-manager/namespace.yaml
rename to base/cert-manager/namespace.yaml
diff --git a/stack/base/flux-system/chart-repositories/banzaicloud.yaml b/base/flux/chart-repositories/banzaicloud.yaml
similarity index 100%
rename from stack/base/flux-system/chart-repositories/banzaicloud.yaml
rename to base/flux/chart-repositories/banzaicloud.yaml
diff --git a/stack/base/flux-system/chart-repositories/gitlab.yaml b/base/flux/chart-repositories/gitlab.yaml
similarity index 100%
rename from stack/base/flux-system/chart-repositories/gitlab.yaml
rename to base/flux/chart-repositories/gitlab.yaml
diff --git a/stack/base/flux-system/chart-repositories/grafana-loki.yaml b/base/flux/chart-repositories/grafana-loki.yaml
similarity index 100%
rename from stack/base/flux-system/chart-repositories/grafana-loki.yaml
rename to base/flux/chart-repositories/grafana-loki.yaml
diff --git a/stack/base/flux-system/chart-repositories/jetstack.yaml b/base/flux/chart-repositories/jetstack.yaml
similarity index 100%
rename from stack/base/flux-system/chart-repositories/jetstack.yaml
rename to base/flux/chart-repositories/jetstack.yaml
diff --git a/stack/base/flux-system/chart-repositories/kustomization.yaml b/base/flux/chart-repositories/kustomization.yaml
similarity index 100%
rename from stack/base/flux-system/chart-repositories/kustomization.yaml
rename to base/flux/chart-repositories/kustomization.yaml
diff --git a/stack/base/flux-system/chart-repositories/podinfo.yaml b/base/flux/chart-repositories/podinfo.yaml
similarity index 100%
rename from stack/base/flux-system/chart-repositories/podinfo.yaml
rename to base/flux/chart-repositories/podinfo.yaml
diff --git a/stack/base/flux-system/chart-repositories/prometheus-community.yaml b/base/flux/chart-repositories/prometheus-community.yaml
similarity index 100%
rename from stack/base/flux-system/chart-repositories/prometheus-community.yaml
rename to base/flux/chart-repositories/prometheus-community.yaml
diff --git a/stack/base/flux-system/chart-repositories/rancher-latest.yaml b/base/flux/chart-repositories/rancher-latest.yaml
similarity index 100%
rename from stack/base/flux-system/chart-repositories/rancher-latest.yaml
rename to base/flux/chart-repositories/rancher-latest.yaml
diff --git a/stack/base/flux-system/kustomization.yaml b/base/flux/kustomization.yaml
similarity index 100%
rename from stack/base/flux-system/kustomization.yaml
rename to base/flux/kustomization.yaml
diff --git a/stack/base/flux-system/toolkit/all.yaml b/base/flux/toolkit/all.yaml
similarity index 100%
rename from stack/base/flux-system/toolkit/all.yaml
rename to base/flux/toolkit/all.yaml
diff --git a/base/flux/toolkit/kustomization.yaml b/base/flux/toolkit/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..34f7f9bda4f2824a5b07ef52376d740143fea09c
--- /dev/null
+++ b/base/flux/toolkit/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+  - all.yaml
diff --git a/stack/base/gatekeeper/gatekeeper.yaml b/base/gatekeeper/gatekeeper.yaml
similarity index 100%
rename from stack/base/gatekeeper/gatekeeper.yaml
rename to base/gatekeeper/gatekeeper.yaml
diff --git a/base/gatekeeper/kustomization.yaml b/base/gatekeeper/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d0e5c9351251efc504126b634eb8c74b4f811d49
--- /dev/null
+++ b/base/gatekeeper/kustomization.yaml
@@ -0,0 +1,8 @@
+resources:
+  - namespace.yaml
+  - gatekeeper.yaml
+
+images:
+  - name: openpolicyagent/gatekeeper:v3.1.1
+    newName: registry1.dsop.io/ironbank/opensource/openpolicyagent/gatekeeper
+    newTag: v3.1.1
\ No newline at end of file
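Review bot: The `name` under `images:` carries the tag (`openpolicyagent/gatekeeper:v3.1.1`), whereas Kustomize documents this field as the image name without a tag. With the tag included, the rewrite to registry1.dsop.io is tied to that exact string, so a tag bump in gatekeeper.yaml could silently leave the pod pulling the upstream image instead of the hardened one. I would write `- name: openpolicyagent/gatekeeper` and confirm with `kustomize build` that the rendered workload references the registry1 path. The same applies to `docker.io/istio/operator:1.7.4-distroless` in base/istio/istio-operator/kustomization.yaml.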
diff --git a/stack/base/gatekeeper/namespace.yaml b/base/gatekeeper/namespace.yaml
similarity index 100%
rename from stack/base/gatekeeper/namespace.yaml
rename to base/gatekeeper/namespace.yaml
diff --git a/base/istio/istio-operator/kustomization.yaml b/base/istio/istio-operator/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b33e90c1480de79918e718b6e2d3e6acbf7adf60
--- /dev/null
+++ b/base/istio/istio-operator/kustomization.yaml
@@ -0,0 +1,7 @@
+resources:
+  - operator.yaml
+
+images:
+  - name: docker.io/istio/operator:1.7.4-distroless
+    newName: registry1.dsop.io/ironbank/opensource/istio/operator
+    newTag: 1.7.3
\ No newline at end of file
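Review bot: `newTag: 1.7.3` is one patch release older than the `1.7.4-distroless` that the `name` field refers to, and it has to stay equal to `spec.tag` in base/istio/istio-system/istio.yaml, yet nothing here records either fact. A patch-level rollback can drop fixes, so the reason for it (presumably what the registry offered at the time) belongs next to the pin. I would add above the entry: `# 1.7.3: keep equal to spec.tag in base/istio/istio-system/istio.yaml; revisit when a newer build is published`.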
diff --git a/stack/base/istio/istio-operator/operator.yaml b/base/istio/istio-operator/operator.yaml
similarity index 100%
rename from stack/base/istio/istio-operator/operator.yaml
rename to base/istio/istio-operator/operator.yaml
diff --git a/stack/base/istio/istio-system/istio.yaml b/base/istio/istio-system/istio.yaml
similarity index 62%
rename from stack/base/istio/istio-system/istio.yaml
rename to base/istio/istio-system/istio.yaml
index 1d3dfa14c16efd1c5f5cf50081abc50c65f0c017..d53f852fec7650c1a46b7d5bdb5c2f49df3f347f 100644
--- a/stack/base/istio/istio-system/istio.yaml
+++ b/base/istio/istio-system/istio.yaml
@@ -5,11 +5,11 @@ metadata:
   namespace: istio-system
 spec:
   profile: default
-  tag: 1.7.4-distroless
+  hub: registry1.dsop.io/ironbank/opensource/istio
+  tag: 1.7.3
   meshConfig:
     accessLogFile: /dev/stdout
   addonComponents:
-
     kiali:
       enabled: true
 
@@ -17,6 +17,11 @@ spec:
       enabled: true
 
   values:
+    global:
+      imagePullSecrets:
+        - private-registry
+
+
     sidecarInjectorWebhook:
       rewriteAppHTTPProbe: true
       neverInjectSelector:
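Review bot: `global.imagePullSecrets` references a Secret named `private-registry`, but nothing in the visible part of this diff creates it. Pull secrets are resolved in the pod's own namespace, so it has to exist in istio-system and, as far as I can tell, in every namespace where sidecars are injected, since the proxy image now comes from the registry1 hub as well; otherwise those pods fail to pull. Worth a comment such as `# Secret 'private-registry' must exist in each namespace that runs Istio pods or injected sidecars`, and the credential itself should be supplied encrypted or out of band rather than committed in plain text. The `values:` block continues outside the hunk.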
@@ -26,6 +31,14 @@ spec:
               values: [fluentd-configcheck]
 
     kiali:
+      hub: registry1.dsop.io/ironbank/opensource/kiali
+      image: kiali
+      tag: v1.23.0
       dashboard:
         auth:
           strategy: anonymous
+    tracing:
+      jaeger:
+        hub: registry1.dsop.io/ironbank/opensource/jaegertracing
+        image: all-in-one
+        tag: 1.19.2
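Review bot: Kiali keeps `auth.strategy: anonymous` (the unchanged lines just above the new `tracing:` block), so the dashboard has no authentication for anyone who can reach its Service. Kiali acts with its own service account, so unless it is made read-only elsewhere, an unauthenticated visitor may be able to view and change mesh configuration. I would switch to an authenticated strategy, or, if anonymous access is intended for this work-in-progress stack, set the addon's `viewOnlyMode: true` under `dashboard:` and add a comment such as `# anonymous + read-only: not exposed outside the cluster`. The `spec` mapping starts outside the hunk.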
diff --git a/stack/base/observability/kustomization.yaml b/base/istio/istio-system/kustomization.yaml
similarity index 63%
rename from stack/base/observability/kustomization.yaml
rename to base/istio/istio-system/kustomization.yaml
index a98eee0edfdb803f79ae0d327dd39e6fb9ffd7e5..e94541a50f25197d6648b498119a3cf47e0d56c3 100644
--- a/stack/base/observability/kustomization.yaml
+++ b/base/istio/istio-system/kustomization.yaml
@@ -1,4 +1,3 @@
 resources:
   - namespace.yaml
-
-  - monitoring/
+  - istio.yaml
\ No newline at end of file
diff --git a/stack/base/istio/istio-system/namespace.yaml b/base/istio/istio-system/namespace.yaml
similarity index 100%
rename from stack/base/istio/istio-system/namespace.yaml
rename to base/istio/istio-system/namespace.yaml
diff --git a/base/istio/kustomization.yaml b/base/istio/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7a61b389db4207fc7e58ed91ce1027a25aebc925
--- /dev/null
+++ b/base/istio/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+  - istio-operator
+  - istio-system
\ No newline at end of file
diff --git a/base/logging/eck-operator/all-in-one.yaml b/base/logging/eck-operator/all-in-one.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e2a15744abb51f6979e845280a068403683a8082
--- /dev/null
+++ b/base/logging/eck-operator/all-in-one.yaml
@@ -0,0 +1,3008 @@
+---
+# Source: crds/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: apmservers.apm.k8s.elastic.co
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.health
+    name: health
+    type: string
+  - JSONPath: .status.availableNodes
+    description: Available nodes
+    name: nodes
+    type: integer
+  - JSONPath: .spec.version
+    description: APM version
+    name: version
+    type: string
+  - JSONPath: .metadata.creationTimestamp
+    name: age
+    type: date
+  group: apm.k8s.elastic.co
+  names:
+    categories:
+    - elastic
+    kind: ApmServer
+    listKind: ApmServerList
+    plural: apmservers
+    shortNames:
+    - apm
+    singular: apmserver
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: ApmServer represents an APM Server resource in a Kubernetes cluster.
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: ApmServerSpec holds the specification of an APM Server.
+          properties:
+            config:
+              description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html'
+              type: object
+            count:
+              description: Count of APM Server instances to deploy.
+              format: int32
+              type: integer
+            elasticsearchRef:
+              description: ElasticsearchRef is a reference to the output Elasticsearch
+                cluster running in the same Kubernetes cluster.
+              properties:
+                name:
+                  description: Name of the Kubernetes object.
+                  type: string
+                namespace:
+                  description: Namespace of the Kubernetes object. If empty, defaults
+                    to the current namespace.
+                  type: string
+              required:
+              - name
+              type: object
+            http:
+              description: HTTP holds the HTTP layer configuration for the APM Server
+                resource.
+              properties:
+                service:
+                  description: Service defines the template for the associated Kubernetes
+                    Service object.
+                  properties:
+                    metadata:
+                      description: ObjectMeta is the metadata of the service. The
+                        name and namespace provided here are managed by ECK and will
+                        be ignored.
+                      type: object
+                    spec:
+                      description: Spec is the specification of the service.
+                      properties:
+                        clusterIP:
+                          description: 'clusterIP is the IP address of the service
+                            and is usually assigned randomly by the master. If an
+                            address is specified manually and is not in use by others,
+                            it will be allocated to the service; otherwise, creation
+                            of the service will fail. This field can not be changed
+                            through updates. Valid values are "None", empty string
+                            (""), or a valid IP address. "None" can be specified for
+                            headless services when proxying is not required. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        externalIPs:
+                          description: externalIPs is a list of IP addresses for which
+                            nodes in the cluster will also accept traffic for this
+                            service.  These IPs are not managed by Kubernetes.  The
+                            user is responsible for ensuring that traffic arrives
+                            at a node with this IP.  A common example is external
+                            load-balancers that are not part of the Kubernetes system.
+                          items:
+                            type: string
+                          type: array
+                        externalName:
+                          description: externalName is the external reference that
+                            kubedns or equivalent will return as a CNAME record for
+                            this service. No proxying will be involved. Must be a
+                            valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
+                            and requires Type to be ExternalName.
+                          type: string
+                        externalTrafficPolicy:
+                          description: externalTrafficPolicy denotes if this Service
+                            desires to route external traffic to node-local or cluster-wide
+                            endpoints. "Local" preserves the client source IP and
+                            avoids a second hop for LoadBalancer and Nodeport type
+                            services, but risks potentially imbalanced traffic spreading.
+                            "Cluster" obscures the client source IP and may cause
+                            a second hop to another node, but should have good overall
+                            load-spreading.
+                          type: string
+                        healthCheckNodePort:
+                          description: healthCheckNodePort specifies the healthcheck
+                            nodePort for the service. If not specified, HealthCheckNodePort
+                            is created by the service api backend with the allocated
+                            nodePort. Will use user-specified nodePort value if specified
+                            by the client. Only effects when Type is set to LoadBalancer
+                            and ExternalTrafficPolicy is set to Local.
+                          format: int32
+                          type: integer
+                        ipFamily:
+                          description: ipFamily specifies whether this Service has
+                            a preference for a particular IP family (e.g. IPv4 vs.
+                            IPv6).  If a specific IP family is requested, the clusterIP
+                            field will be allocated from that family, if it is available
+                            in the cluster.  If no IP family is requested, the cluster's
+                            primary IP family will be used. Other IP fields (loadBalancerIP,
+                            loadBalancerSourceRanges, externalIPs) and controllers
+                            which allocate external load-balancers should use the
+                            same IP family.  Endpoints for this Service will be of
+                            this family.  This field is immutable after creation.
+                            Assigning a ServiceIPFamily not available in the cluster
+                            (e.g. IPv6 in IPv4 only cluster) is an error condition
+                            and will fail during clusterIP assignment.
+                          type: string
+                        loadBalancerIP:
+                          description: 'Only applies to Service Type: LoadBalancer
+                            LoadBalancer will get created with the IP specified in
+                            this field. This feature depends on whether the underlying
+                            cloud-provider supports specifying the loadBalancerIP
+                            when a load balancer is created. This field will be ignored
+                            if the cloud-provider does not support the feature.'
+                          type: string
+                        loadBalancerSourceRanges:
+                          description: 'If specified and supported by the platform,
+                            this will restrict traffic through the cloud-provider
+                            load-balancer will be restricted to the specified client
+                            IPs. This field will be ignored if the cloud-provider
+                            does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/'
+                          items:
+                            type: string
+                          type: array
+                        ports:
+                          description: 'The list of ports that are exposed by this
+                            service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          items:
+                            description: ServicePort contains information on service's
+                              port.
+                            properties:
+                              name:
+                                description: The name of this port within the service.
+                                  This must be a DNS_LABEL. All ports within a ServiceSpec
+                                  must have unique names. When considering the endpoints
+                                  for a Service, this must match the 'name' field
+                                  in the EndpointPort. Optional if only one ServicePort
+                                  is defined on this service.
+                                type: string
+                              nodePort:
+                                description: 'The port on each node on which this
+                                  service is exposed when type=NodePort or LoadBalancer.
+                                  Usually assigned by the system. If specified, it
+                                  will be allocated to the service if unused or else
+                                  creation of the service will fail. Default is to
+                                  auto-allocate a port if the ServiceType of this
+                                  Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+                                format: int32
+                                type: integer
+                              port:
+                                description: The port that will be exposed by this
+                                  service.
+                                format: int32
+                                type: integer
+                              protocol:
+                                description: The IP protocol for this port. Supports
+                                  "TCP", "UDP", and "SCTP". Default is TCP.
+                                type: string
+                              targetPort:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                description: 'Number or name of the port to access
+                                  on the pods targeted by the service. Number must
+                                  be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+                                  If this is a string, it will be looked up as a named
+                                  port in the target Pod''s container ports. If this
+                                  is not specified, the value of the ''port'' field
+                                  is used (an identity map). This field is ignored
+                                  for services with clusterIP=None, and should be
+                                  omitted or set equal to the ''port'' field. More
+                                  info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+                            required:
+                            - port
+                            type: object
+                          type: array
+                        publishNotReadyAddresses:
+                          description: publishNotReadyAddresses, when set to true,
+                            indicates that DNS implementations must publish the notReadyAddresses
+                            of subsets for the Endpoints associated with the Service.
+                            The default value is false. The primary use case for setting
+                            this field is to use a StatefulSet's Headless Service
+                            to propagate SRV records for its Pods without respect
+                            to their readiness for purpose of peer discovery.
+                          type: boolean
+                        selector:
+                          additionalProperties:
+                            type: string
+                          description: 'Route service traffic to pods with label keys
+                            and values matching this selector. If empty or not present,
+                            the service is assumed to have an external process managing
+                            its endpoints, which Kubernetes will not modify. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+                          type: object
+                        sessionAffinity:
+                          description: 'Supports "ClientIP" and "None". Used to maintain
+                            session affinity. Enable client IP based session affinity.
+                            Must be ClientIP or None. Defaults to None. More info:
+                            https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        sessionAffinityConfig:
+                          description: sessionAffinityConfig contains the configurations
+                            of session affinity.
+                          properties:
+                            clientIP:
+                              description: clientIP contains the configurations of
+                                Client IP based session affinity.
+                              properties:
+                                timeoutSeconds:
+                                  description: timeoutSeconds specifies the seconds
+                                    of ClientIP type session sticky time. The value
+                                    must be >0 && <=86400(for 1 day) if ServiceAffinity
+                                    == "ClientIP". Default value is 10800(for 3 hours).
+                                  format: int32
+                                  type: integer
+                              type: object
+                          type: object
+                        topologyKeys:
+                          description: topologyKeys is a preference-order list of
+                            topology keys which implementations of services should
+                            use to preferentially sort endpoints when accessing this
+                            Service, it can not be used at the same time as externalTrafficPolicy=Local.
+                            Topology keys must be valid label keys and at most 16
+                            keys may be specified. Endpoints are chosen based on the
+                            first topology key with available backends. If this field
+                            is specified and all entries have no backends that match
+                            the topology of the client, the service has no backends
+                            for that client and connections should fail. The special
+                            value "*" may be used to mean "any topology". This catch-all
+                            value, if used, only makes sense as the last value in
+                            the list. If this is not specified or empty, no topology
+                            constraints will be applied.
+                          items:
+                            type: string
+                          type: array
+                        type:
+                          description: 'type determines how the Service is exposed.
+                            Defaults to ClusterIP. Valid options are ExternalName,
+                            ClusterIP, NodePort, and LoadBalancer. "ExternalName"
+                            maps to the specified externalName. "ClusterIP" allocates
+                            a cluster-internal IP address for load-balancing to endpoints.
+                            Endpoints are determined by the selector or if that is
+                            not specified, by manual construction of an Endpoints
+                            object. If clusterIP is "None", no virtual IP is allocated
+                            and the endpoints are published as a set of endpoints
+                            rather than a stable IP. "NodePort" builds on ClusterIP
+                            and allocates a port on every node which routes to the
+                            clusterIP. "LoadBalancer" builds on NodePort and creates
+                            an external load-balancer (if supported in the current
+                            cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+                          type: string
+                      type: object
+                  type: object
+                tls:
+                  description: TLS defines options for configuring TLS for HTTP.
+                  properties:
+                    certificate:
+                      description: "Certificate is a reference to a Kubernetes secret
+                        that contains the certificate and private key for enabling
+                        TLS. The referenced secret should contain the following: \n
+                        - `ca.crt`: The certificate authority (optional). - `tls.crt`:
+                        The certificate (or a chain). - `tls.key`: The private key
+                        to the first certificate in the certificate chain."
+                      properties:
+                        secretName:
+                          description: SecretName is the name of the secret.
+                          type: string
+                      type: object
+                    selfSignedCertificate:
+                      description: SelfSignedCertificate allows configuring the self-signed
+                        certificate generated by the operator.
+                      properties:
+                        disabled:
+                          description: Disabled indicates that the provisioning of
+                            the self-signed certifcate should be disabled.
+                          type: boolean
+                        subjectAltNames:
+                          description: SubjectAlternativeNames is a list of SANs to
+                            include in the generated HTTP TLS certificate.
+                          items:
+                            description: SubjectAlternativeName represents a SAN entry
+                              in a x509 certificate.
+                            properties:
+                              dns:
+                                description: DNS is the DNS name of the subject.
+                                type: string
+                              ip:
+                                description: IP is the IP address of the subject.
+                                type: string
+                            type: object
+                          type: array
+                      type: object
+                  type: object
+              type: object
+            image:
+              description: Image is the APM Server Docker image to deploy.
+              type: string
+            kibanaRef:
+              description: KibanaRef is a reference to a Kibana instance running in
+                the same Kubernetes cluster. It allows APM agent central configuration
+                management in Kibana.
+              properties:
+                name:
+                  description: Name of the Kubernetes object.
+                  type: string
+                namespace:
+                  description: Namespace of the Kubernetes object. If empty, defaults
+                    to the current namespace.
+                  type: string
+              required:
+              - name
+              type: object
+            podTemplate:
+              description: PodTemplate provides customisation options (labels, annotations,
+                affinity rules, resource requests, and so on) for the APM Server pods.
+              type: object
+            secureSettings:
+              description: SecureSettings is a list of references to Kubernetes secrets
+                containing sensitive configuration options for APM Server.
+              items:
+                description: SecretSource defines a data source based on a Kubernetes
+                  Secret.
+                properties:
+                  entries:
+                    description: Entries define how to project each key-value pair
+                      in the secret to filesystem paths. If not defined, all keys
+                      will be projected to similarly named paths in the filesystem.
+                      If defined, only the specified keys will be projected to the
+                      corresponding paths.
+                    items:
+                      description: KeyToPath defines how to map a key in a Secret
+                        object to a filesystem path.
+                      properties:
+                        key:
+                          description: Key is the key contained in the secret.
+                          type: string
+                        path:
+                          description: Path is the relative file path to map the key
+                            to. Path must not be an absolute file path and must not
+                            contain any ".." components.
+                          type: string
+                      required:
+                      - key
+                      type: object
+                    type: array
+                  secretName:
+                    description: SecretName is the name of the secret.
+                    type: string
+                required:
+                - secretName
+                type: object
+              type: array
+            serviceAccountName:
+              description: ServiceAccountName is used to check access from the current
+                resource to a resource (eg. Elasticsearch) in a different namespace.
+                Can only be used if ECK is enforcing RBAC on references.
+              type: string
+            version:
+              description: Version of the APM Server.
+              type: string
+          required:
+          - version
+          type: object
+        status:
+          description: ApmServerStatus defines the observed state of ApmServer
+          properties:
+            availableNodes:
+              format: int32
+              type: integer
+            elasticsearchAssociationStatus:
+              description: ElasticsearchAssociationStatus is the status of any auto-linking
+                to Elasticsearch clusters.
+              type: string
+            health:
+              description: ApmServerHealth expresses the status of the Apm Server
+                instances.
+              type: string
+            kibanaAssociationStatus:
+              description: KibanaAssociationStatus is the status of any auto-linking
+                to Kibana.
+              type: string
+            secretTokenSecret:
+              description: SecretTokenSecretName is the name of the Secret that contains
+                the secret token
+              type: string
+            service:
+              description: ExternalService is the name of the service the agents should
+                connect to.
+              type: string
+          type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
+  - name: v1beta1
+    served: true
+    storage: false
+  - name: v1alpha1
+    served: false
+    storage: false
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: beats.beat.k8s.elastic.co
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.health
+    name: health
+    type: string
+  - JSONPath: .status.availableNodes
+    description: Available nodes
+    name: available
+    type: integer
+  - JSONPath: .status.expectedNodes
+    description: Expected nodes
+    name: expected
+    type: integer
+  - JSONPath: .spec.type
+    description: Beat type
+    name: type
+    type: string
+  - JSONPath: .spec.version
+    description: Beat version
+    name: version
+    type: string
+  - JSONPath: .metadata.creationTimestamp
+    name: age
+    type: date
+  group: beat.k8s.elastic.co
+  names:
+    categories:
+    - elastic
+    kind: Beat
+    listKind: BeatList
+    plural: beats
+    shortNames:
+    - beat
+    singular: beat
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: Beat is the Schema for the Beats API.
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: BeatSpec defines the desired state of a Beat.
+          properties:
+            config:
+              description: Config holds the Beat configuration. At most one of [`Config`,
+                `ConfigRef`] can be specified.
+              type: object
+            configRef:
+              description: ConfigRef contains a reference to an existing Kubernetes
+                Secret holding the Beat configuration. Beat settings must be specified
+                as yaml, under a single "beat.yml" entry. At most one of [`Config`,
+                `ConfigRef`] can be specified.
+              properties:
+                secretName:
+                  description: SecretName is the name of the secret.
+                  type: string
+              type: object
+            daemonSet:
+              description: DaemonSet specifies the Beat should be deployed as a DaemonSet,
+                and allows providing its spec. Cannot be used along with `deployment`.
+                If both are absent a default for the Type is used.
+              properties: {}
+              type: object
+            deployment:
+              description: Deployment specifies the Beat should be deployed as a Deployment,
+                and allows providing its spec. Cannot be used along with `daemonSet`.
+                If both are absent a default for the Type is used.
+              properties:
+                replicas:
+                  format: int32
+                  type: integer
+              type: object
+            elasticsearchRef:
+              description: ElasticsearchRef is a reference to an Elasticsearch cluster
+                running in the same Kubernetes cluster.
+              properties:
+                name:
+                  description: Name of the Kubernetes object.
+                  type: string
+                namespace:
+                  description: Namespace of the Kubernetes object. If empty, defaults
+                    to the current namespace.
+                  type: string
+              required:
+              - name
+              type: object
+            image:
+              description: Image is the Beat Docker image to deploy. Version and Type
+                have to match the Beat in the image.
+              type: string
+            kibanaRef:
+              description: KibanaRef is a reference to a Kibana instance running in
+                the same Kubernetes cluster. It allows automatic setup of dashboards
+                and visualizations.
+              properties:
+                name:
+                  description: Name of the Kubernetes object.
+                  type: string
+                namespace:
+                  description: Namespace of the Kubernetes object. If empty, defaults
+                    to the current namespace.
+                  type: string
+              required:
+              - name
+              type: object
+            secureSettings:
+              description: SecureSettings is a list of references to Kubernetes Secrets
+                containing sensitive configuration options for the Beat. Secrets data
+                can be then referenced in the Beat config using the Secret's keys
+                or as specified in `Entries` field of each SecureSetting.
+              items:
+                description: SecretSource defines a data source based on a Kubernetes
+                  Secret.
+                properties:
+                  entries:
+                    description: Entries define how to project each key-value pair
+                      in the secret to filesystem paths. If not defined, all keys
+                      will be projected to similarly named paths in the filesystem.
+                      If defined, only the specified keys will be projected to the
+                      corresponding paths.
+                    items:
+                      description: KeyToPath defines how to map a key in a Secret
+                        object to a filesystem path.
+                      properties:
+                        key:
+                          description: Key is the key contained in the secret.
+                          type: string
+                        path:
+                          description: Path is the relative file path to map the key
+                            to. Path must not be an absolute file path and must not
+                            contain any ".." components.
+                          type: string
+                      required:
+                      - key
+                      type: object
+                    type: array
+                  secretName:
+                    description: SecretName is the name of the secret.
+                    type: string
+                required:
+                - secretName
+                type: object
+              type: array
+            serviceAccountName:
+              description: ServiceAccountName is used to check access from the current
+                resource to Elasticsearch resource in a different namespace. Can only
+                be used if ECK is enforcing RBAC on references.
+              type: string
+            type:
+              description: Type is the type of the Beat to deploy (filebeat, metricbeat,
+                heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string can
+                be used, but well-known types will have the image field defaulted
+                and have the appropriate Elasticsearch roles created automatically.
+                It also allows for dashboard setup when combined with a `KibanaRef`.
+              maxLength: 20
+              pattern: '[a-zA-Z0-9-]+'
+              type: string
+            version:
+              description: Version of the Beat.
+              type: string
+          required:
+          - type
+          - version
+          type: object
+        status:
+          description: BeatStatus defines the observed state of a Beat.
+          properties:
+            availableNodes:
+              format: int32
+              type: integer
+            elasticsearchAssociationStatus:
+              description: AssociationStatus is the status of an association resource.
+              type: string
+            expectedNodes:
+              format: int32
+              type: integer
+            health:
+              type: string
+            kibanaAssociationStatus:
+              description: AssociationStatus is the status of an association resource.
+              type: string
+          type: object
+  version: v1beta1
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: elasticsearches.elasticsearch.k8s.elastic.co
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.health
+    name: health
+    type: string
+  - JSONPath: .status.availableNodes
+    description: Available nodes
+    name: nodes
+    type: integer
+  - JSONPath: .spec.version
+    description: Elasticsearch version
+    name: version
+    type: string
+  - JSONPath: .status.phase
+    name: phase
+    type: string
+  - JSONPath: .metadata.creationTimestamp
+    name: age
+    type: date
+  group: elasticsearch.k8s.elastic.co
+  names:
+    categories:
+    - elastic
+    kind: Elasticsearch
+    listKind: ElasticsearchList
+    plural: elasticsearches
+    shortNames:
+    - es
+    singular: elasticsearch
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: Elasticsearch represents an Elasticsearch resource in a Kubernetes
+        cluster.
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: ElasticsearchSpec holds the specification of an Elasticsearch
+            cluster.
+          properties:
+            auth:
+              description: Auth contains user authentication and authorization security
+                settings for Elasticsearch.
+              properties:
+                fileRealm:
+                  description: FileRealm to propagate to the Elasticsearch cluster.
+                  items:
+                    description: FileRealmSource references users to create in the
+                      Elasticsearch cluster.
+                    properties:
+                      secretName:
+                        description: SecretName is the name of the secret.
+                        type: string
+                    type: object
+                  type: array
+                roles:
+                  description: Roles to propagate to the Elasticsearch cluster.
+                  items:
+                    description: RoleSource references roles to create in the Elasticsearch
+                      cluster.
+                    properties:
+                      secretName:
+                        description: SecretName is the name of the secret.
+                        type: string
+                    type: object
+                  type: array
+              type: object
+            http:
+              description: HTTP holds HTTP layer settings for Elasticsearch.
+              properties:
+                service:
+                  description: Service defines the template for the associated Kubernetes
+                    Service object.
+                  properties:
+                    metadata:
+                      description: ObjectMeta is the metadata of the service. The
+                        name and namespace provided here are managed by ECK and will
+                        be ignored.
+                      type: object
+                    spec:
+                      description: Spec is the specification of the service.
+                      properties:
+                        clusterIP:
+                          description: 'clusterIP is the IP address of the service
+                            and is usually assigned randomly by the master. If an
+                            address is specified manually and is not in use by others,
+                            it will be allocated to the service; otherwise, creation
+                            of the service will fail. This field can not be changed
+                            through updates. Valid values are "None", empty string
+                            (""), or a valid IP address. "None" can be specified for
+                            headless services when proxying is not required. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        externalIPs:
+                          description: externalIPs is a list of IP addresses for which
+                            nodes in the cluster will also accept traffic for this
+                            service.  These IPs are not managed by Kubernetes.  The
+                            user is responsible for ensuring that traffic arrives
+                            at a node with this IP.  A common example is external
+                            load-balancers that are not part of the Kubernetes system.
+                          items:
+                            type: string
+                          type: array
+                        externalName:
+                          description: externalName is the external reference that
+                            kubedns or equivalent will return as a CNAME record for
+                            this service. No proxying will be involved. Must be a
+                            valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
+                            and requires Type to be ExternalName.
+                          type: string
+                        externalTrafficPolicy:
+                          description: externalTrafficPolicy denotes if this Service
+                            desires to route external traffic to node-local or cluster-wide
+                            endpoints. "Local" preserves the client source IP and
+                            avoids a second hop for LoadBalancer and Nodeport type
+                            services, but risks potentially imbalanced traffic spreading.
+                            "Cluster" obscures the client source IP and may cause
+                            a second hop to another node, but should have good overall
+                            load-spreading.
+                          type: string
+                        healthCheckNodePort:
+                          description: healthCheckNodePort specifies the healthcheck
+                            nodePort for the service. If not specified, HealthCheckNodePort
+                            is created by the service api backend with the allocated
+                            nodePort. Will use user-specified nodePort value if specified
+                            by the client. Only effects when Type is set to LoadBalancer
+                            and ExternalTrafficPolicy is set to Local.
+                          format: int32
+                          type: integer
+                        ipFamily:
+                          description: ipFamily specifies whether this Service has
+                            a preference for a particular IP family (e.g. IPv4 vs.
+                            IPv6).  If a specific IP family is requested, the clusterIP
+                            field will be allocated from that family, if it is available
+                            in the cluster.  If no IP family is requested, the cluster's
+                            primary IP family will be used. Other IP fields (loadBalancerIP,
+                            loadBalancerSourceRanges, externalIPs) and controllers
+                            which allocate external load-balancers should use the
+                            same IP family.  Endpoints for this Service will be of
+                            this family.  This field is immutable after creation.
+                            Assigning a ServiceIPFamily not available in the cluster
+                            (e.g. IPv6 in IPv4 only cluster) is an error condition
+                            and will fail during clusterIP assignment.
+                          type: string
+                        loadBalancerIP:
+                          description: 'Only applies to Service Type: LoadBalancer
+                            LoadBalancer will get created with the IP specified in
+                            this field. This feature depends on whether the underlying
+                            cloud-provider supports specifying the loadBalancerIP
+                            when a load balancer is created. This field will be ignored
+                            if the cloud-provider does not support the feature.'
+                          type: string
+                        loadBalancerSourceRanges:
+                          description: 'If specified and supported by the platform,
+                            this will restrict traffic through the cloud-provider
+                            load-balancer will be restricted to the specified client
+                            IPs. This field will be ignored if the cloud-provider
+                            does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/'
+                          items:
+                            type: string
+                          type: array
+                        ports:
+                          description: 'The list of ports that are exposed by this
+                            service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          items:
+                            description: ServicePort contains information on service's
+                              port.
+                            properties:
+                              name:
+                                description: The name of this port within the service.
+                                  This must be a DNS_LABEL. All ports within a ServiceSpec
+                                  must have unique names. When considering the endpoints
+                                  for a Service, this must match the 'name' field
+                                  in the EndpointPort. Optional if only one ServicePort
+                                  is defined on this service.
+                                type: string
+                              nodePort:
+                                description: 'The port on each node on which this
+                                  service is exposed when type=NodePort or LoadBalancer.
+                                  Usually assigned by the system. If specified, it
+                                  will be allocated to the service if unused or else
+                                  creation of the service will fail. Default is to
+                                  auto-allocate a port if the ServiceType of this
+                                  Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+                                format: int32
+                                type: integer
+                              port:
+                                description: The port that will be exposed by this
+                                  service.
+                                format: int32
+                                type: integer
+                              protocol:
+                                description: The IP protocol for this port. Supports
+                                  "TCP", "UDP", and "SCTP". Default is TCP.
+                                type: string
+                              targetPort:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                description: 'Number or name of the port to access
+                                  on the pods targeted by the service. Number must
+                                  be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+                                  If this is a string, it will be looked up as a named
+                                  port in the target Pod''s container ports. If this
+                                  is not specified, the value of the ''port'' field
+                                  is used (an identity map). This field is ignored
+                                  for services with clusterIP=None, and should be
+                                  omitted or set equal to the ''port'' field. More
+                                  info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+                            required:
+                            - port
+                            type: object
+                          type: array
+                        publishNotReadyAddresses:
+                          description: publishNotReadyAddresses, when set to true,
+                            indicates that DNS implementations must publish the notReadyAddresses
+                            of subsets for the Endpoints associated with the Service.
+                            The default value is false. The primary use case for setting
+                            this field is to use a StatefulSet's Headless Service
+                            to propagate SRV records for its Pods without respect
+                            to their readiness for purpose of peer discovery.
+                          type: boolean
+                        selector:
+                          additionalProperties:
+                            type: string
+                          description: 'Route service traffic to pods with label keys
+                            and values matching this selector. If empty or not present,
+                            the service is assumed to have an external process managing
+                            its endpoints, which Kubernetes will not modify. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+                          type: object
+                        sessionAffinity:
+                          description: 'Supports "ClientIP" and "None". Used to maintain
+                            session affinity. Enable client IP based session affinity.
+                            Must be ClientIP or None. Defaults to None. More info:
+                            https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        sessionAffinityConfig:
+                          description: sessionAffinityConfig contains the configurations
+                            of session affinity.
+                          properties:
+                            clientIP:
+                              description: clientIP contains the configurations of
+                                Client IP based session affinity.
+                              properties:
+                                timeoutSeconds:
+                                  description: timeoutSeconds specifies the seconds
+                                    of ClientIP type session sticky time. The value
+                                    must be >0 && <=86400(for 1 day) if ServiceAffinity
+                                    == "ClientIP". Default value is 10800(for 3 hours).
+                                  format: int32
+                                  type: integer
+                              type: object
+                          type: object
+                        topologyKeys:
+                          description: topologyKeys is a preference-order list of
+                            topology keys which implementations of services should
+                            use to preferentially sort endpoints when accessing this
+                            Service, it can not be used at the same time as externalTrafficPolicy=Local.
+                            Topology keys must be valid label keys and at most 16
+                            keys may be specified. Endpoints are chosen based on the
+                            first topology key with available backends. If this field
+                            is specified and all entries have no backends that match
+                            the topology of the client, the service has no backends
+                            for that client and connections should fail. The special
+                            value "*" may be used to mean "any topology". This catch-all
+                            value, if used, only makes sense as the last value in
+                            the list. If this is not specified or empty, no topology
+                            constraints will be applied.
+                          items:
+                            type: string
+                          type: array
+                        type:
+                          description: 'type determines how the Service is exposed.
+                            Defaults to ClusterIP. Valid options are ExternalName,
+                            ClusterIP, NodePort, and LoadBalancer. "ExternalName"
+                            maps to the specified externalName. "ClusterIP" allocates
+                            a cluster-internal IP address for load-balancing to endpoints.
+                            Endpoints are determined by the selector or if that is
+                            not specified, by manual construction of an Endpoints
+                            object. If clusterIP is "None", no virtual IP is allocated
+                            and the endpoints are published as a set of endpoints
+                            rather than a stable IP. "NodePort" builds on ClusterIP
+                            and allocates a port on every node which routes to the
+                            clusterIP. "LoadBalancer" builds on NodePort and creates
+                            an external load-balancer (if supported in the current
+                            cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+                          type: string
+                      type: object
+                  type: object
+                tls:
+                  description: TLS defines options for configuring TLS for HTTP.
+                  properties:
+                    certificate:
+                      description: "Certificate is a reference to a Kubernetes secret
+                        that contains the certificate and private key for enabling
+                        TLS. The referenced secret should contain the following: \n
+                        - `ca.crt`: The certificate authority (optional). - `tls.crt`:
+                        The certificate (or a chain). - `tls.key`: The private key
+                        to the first certificate in the certificate chain."
+                      properties:
+                        secretName:
+                          description: SecretName is the name of the secret.
+                          type: string
+                      type: object
+                    selfSignedCertificate:
+                      description: SelfSignedCertificate allows configuring the self-signed
+                        certificate generated by the operator.
+                      properties:
+                        disabled:
+                          description: Disabled indicates that the provisioning of
+                            the self-signed certifcate should be disabled.
+                          type: boolean
+                        subjectAltNames:
+                          description: SubjectAlternativeNames is a list of SANs to
+                            include in the generated HTTP TLS certificate.
+                          items:
+                            description: SubjectAlternativeName represents a SAN entry
+                              in a x509 certificate.
+                            properties:
+                              dns:
+                                description: DNS is the DNS name of the subject.
+                                type: string
+                              ip:
+                                description: IP is the IP address of the subject.
+                                type: string
+                            type: object
+                          type: array
+                      type: object
+                  type: object
+              type: object
+            image:
+              description: Image is the Elasticsearch Docker image to deploy.
+              type: string
+            nodeSets:
+              description: NodeSets allow specifying groups of Elasticsearch nodes
+                sharing the same configuration and Pod templates.
+              items:
+                description: NodeSet is the specification for a group of Elasticsearch
+                  nodes sharing the same configuration and a Pod template.
+                properties:
+                  config:
+                    description: Config holds the Elasticsearch configuration.
+                    type: object
+                  count:
+                    description: Count of Elasticsearch nodes to deploy.
+                    format: int32
+                    minimum: 1
+                    type: integer
+                  name:
+                    description: Name of this set of nodes. Becomes a part of the
+                      Elasticsearch node.name setting.
+                    maxLength: 23
+                    pattern: '[a-zA-Z0-9-]+'
+                    type: string
+                  podTemplate:
+                    description: PodTemplate provides customisation options (labels,
+                      annotations, affinity rules, resource requests, and so on) for
+                      the Pods belonging to this NodeSet.
+                    type: object
+                  volumeClaimTemplates:
+                    description: VolumeClaimTemplates is a list of persistent volume
+                      claims to be used by each Pod in this NodeSet. Every claim in
+                      this list must have a matching volumeMount in one of the containers
+                      defined in the PodTemplate. Items defined here take precedence
+                      over any default claims added by the operator with the same
+                      name.
+                    items:
+                      description: PersistentVolumeClaim is a user's request for and
+                        claim to a persistent volume
+                      properties:
+                        apiVersion:
+                          description: 'APIVersion defines the versioned schema of
+                            this representation of an object. Servers should convert
+                            recognized schemas to the latest internal value, and may
+                            reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                          type: string
+                        kind:
+                          description: 'Kind is a string value representing the REST
+                            resource this object represents. Servers may infer this
+                            from the endpoint the client submits requests to. Cannot
+                            be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                          type: string
+                        metadata:
+                          description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                          type: object
+                        spec:
+                          description: 'Spec defines the desired characteristics of
+                            a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+                          properties:
+                            accessModes:
+                              description: 'AccessModes contains the desired access
+                                modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+                              items:
+                                type: string
+                              type: array
+                            dataSource:
+                              description: This field requires the VolumeSnapshotDataSource
+                                alpha feature gate to be enabled and currently VolumeSnapshot
+                                is the only supported data source. If the provisioner
+                                can support VolumeSnapshot data source, it will create
+                                a new volume and data will be restored to the volume
+                                at the same time. If the provisioner does not support
+                                VolumeSnapshot data source, volume will not be created
+                                and the failure will be reported as an event. In the
+                                future, we plan to support more data source types
+                                and the behavior of the provisioner may change.
+                              properties:
+                                apiGroup:
+                                  description: APIGroup is the group for the resource
+                                    being referenced. If APIGroup is not specified,
+                                    the specified Kind must be in the core API group.
+                                    For any other third-party types, APIGroup is required.
+                                  type: string
+                                kind:
+                                  description: Kind is the type of resource being
+                                    referenced
+                                  type: string
+                                name:
+                                  description: Name is the name of resource being
+                                    referenced
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            resources:
+                              description: 'Resources represents the minimum resources
+                                the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  description: 'Limits describes the maximum amount
+                                    of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  description: 'Requests describes the minimum amount
+                                    of compute resources required. If Requests is
+                                    omitted for a container, it defaults to Limits
+                                    if that is explicitly specified, otherwise to
+                                    an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+                                  type: object
+                              type: object
+                            selector:
+                              description: A label query over volumes to consider
+                                for binding.
+                              properties:
+                                matchExpressions:
+                                  description: matchExpressions is a list of label
+                                    selector requirements. The requirements are ANDed.
+                                  items:
+                                    description: A label selector requirement is a
+                                      selector that contains values, a key, and an
+                                      operator that relates the key and values.
+                                    properties:
+                                      key:
+                                        description: key is the label key that the
+                                          selector applies to.
+                                        type: string
+                                      operator:
+                                        description: operator represents a key's relationship
+                                          to a set of values. Valid operators are
+                                          In, NotIn, Exists and DoesNotExist.
+                                        type: string
+                                      values:
+                                        description: values is an array of string
+                                          values. If the operator is In or NotIn,
+                                          the values array must be non-empty. If the
+                                          operator is Exists or DoesNotExist, the
+                                          values array must be empty. This array is
+                                          replaced during a strategic merge patch.
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  description: matchLabels is a map of {key,value}
+                                    pairs. A single {key,value} in the matchLabels
+                                    map is equivalent to an element of matchExpressions,
+                                    whose key field is "key", the operator is "In",
+                                    and the values array contains only "value". The
+                                    requirements are ANDed.
+                                  type: object
+                              type: object
+                            storageClassName:
+                              description: 'Name of the StorageClass required by the
+                                claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+                              type: string
+                            volumeMode:
+                              description: volumeMode defines what type of volume
+                                is required by the claim. Value of Filesystem is implied
+                                when not included in claim spec. This is a beta feature.
+                              type: string
+                            volumeName:
+                              description: VolumeName is the binding reference to
+                                the PersistentVolume backing this claim.
+                              type: string
+                          type: object
+                        status:
+                          description: 'Status represents the current information/status
+                            of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+                          properties:
+                            accessModes:
+                              description: 'AccessModes contains the actual access
+                                modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+                              items:
+                                type: string
+                              type: array
+                            capacity:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              description: Represents the actual resources of the
+                                underlying volume.
+                              type: object
+                            conditions:
+                              description: Current Condition of persistent volume
+                                claim. If underlying persistent volume is being resized
+                                then the Condition will be set to 'ResizeStarted'.
+                              items:
+                                description: PersistentVolumeClaimCondition contails
+                                  details about state of pvc
+                                properties:
+                                  lastProbeTime:
+                                    description: Last time we probed the condition.
+                                    format: date-time
+                                    type: string
+                                  lastTransitionTime:
+                                    description: Last time the condition transitioned
+                                      from one status to another.
+                                    format: date-time
+                                    type: string
+                                  message:
+                                    description: Human-readable message indicating
+                                      details about last transition.
+                                    type: string
+                                  reason:
+                                    description: Unique, this should be a short, machine
+                                      understandable string that gives the reason
+                                      for condition's last transition. If it reports
+                                      "ResizeStarted" that means the underlying persistent
+                                      volume is being resized.
+                                    type: string
+                                  status:
+                                    type: string
+                                  type:
+                                    description: PersistentVolumeClaimConditionType
+                                      is a valid value of PersistentVolumeClaimCondition.Type
+                                    type: string
+                                required:
+                                - status
+                                - type
+                                type: object
+                              type: array
+                            phase:
+                              description: Phase represents the current phase of PersistentVolumeClaim.
+                              type: string
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - count
+                - name
+                type: object
+              minItems: 1
+              type: array
+            podDisruptionBudget:
+              description: PodDisruptionBudget provides access to the default pod
+                disruption budget for the Elasticsearch cluster. The default budget
+                selects all cluster pods and sets `maxUnavailable` to 1. To disable,
+                set `PodDisruptionBudget` to the empty value (`{}` in YAML).
+              properties:
+                metadata:
+                  description: ObjectMeta is the metadata of the PDB. The name and
+                    namespace provided here are managed by ECK and will be ignored.
+                  type: object
+                spec:
+                  description: Spec is the specification of the PDB.
+                  properties:
+                    maxUnavailable:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      description: An eviction is allowed if at most "maxUnavailable"
+                        pods selected by "selector" are unavailable after the eviction,
+                        i.e. even in absence of the evicted pod. For example, one
+                        can prevent all voluntary evictions by specifying 0. This
+                        is a mutually exclusive setting with "minAvailable".
+                    minAvailable:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      description: An eviction is allowed if at least "minAvailable"
+                        pods selected by "selector" will still be available after
+                        the eviction, i.e. even in the absence of the evicted pod.  So
+                        for example you can prevent all voluntary evictions by specifying
+                        "100%".
+                    selector:
+                      description: Label query over pods whose evictions are managed
+                        by the disruption budget.
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values.
+                                  If the operator is In or NotIn, the values array
+                                  must be non-empty. If the operator is Exists or
+                                  DoesNotExist, the values array must be empty. This
+                                  array is replaced during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                  type: object
+              type: object
+            remoteClusters:
+              description: RemoteClusters enables you to establish uni-directional
+                connections to a remote Elasticsearch cluster.
+              items:
+                description: RemoteCluster declares a remote Elasticsearch cluster
+                  connection.
+                properties:
+                  elasticsearchRef:
+                    description: ElasticsearchRef is a reference to an Elasticsearch
+                      cluster running within the same k8s cluster.
+                    properties:
+                      name:
+                        description: Name of the Kubernetes object.
+                        type: string
+                      namespace:
+                        description: Namespace of the Kubernetes object. If empty,
+                          defaults to the current namespace.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  name:
+                    description: Name is the name of the remote cluster as it is set
+                      in the Elasticsearch settings. The name is expected to be unique
+                      for each remote clusters.
+                    minLength: 1
+                    type: string
+                required:
+                - name
+                type: object
+              type: array
+            secureSettings:
+              description: SecureSettings is a list of references to Kubernetes secrets
+                containing sensitive configuration options for Elasticsearch.
+              items:
+                description: SecretSource defines a data source based on a Kubernetes
+                  Secret.
+                properties:
+                  entries:
+                    description: Entries define how to project each key-value pair
+                      in the secret to filesystem paths. If not defined, all keys
+                      will be projected to similarly named paths in the filesystem.
+                      If defined, only the specified keys will be projected to the
+                      corresponding paths.
+                    items:
+                      description: KeyToPath defines how to map a key in a Secret
+                        object to a filesystem path.
+                      properties:
+                        key:
+                          description: Key is the key contained in the secret.
+                          type: string
+                        path:
+                          description: Path is the relative file path to map the key
+                            to. Path must not be an absolute file path and must not
+                            contain any ".." components.
+                          type: string
+                      required:
+                      - key
+                      type: object
+                    type: array
+                  secretName:
+                    description: SecretName is the name of the secret.
+                    type: string
+                required:
+                - secretName
+                type: object
+              type: array
+            serviceAccountName:
+              description: ServiceAccountName is used to check access from the current
+                resource to a resource (eg. a remote Elasticsearch cluster) in a different
+                namespace. Can only be used if ECK is enforcing RBAC on references.
+              type: string
+            transport:
+              description: Transport holds transport layer settings for Elasticsearch.
+              properties:
+                service:
+                  description: Service defines the template for the associated Kubernetes
+                    Service object.
+                  properties:
+                    metadata:
+                      description: ObjectMeta is the metadata of the service. The
+                        name and namespace provided here are managed by ECK and will
+                        be ignored.
+                      type: object
+                    spec:
+                      description: Spec is the specification of the service.
+                      properties:
+                        clusterIP:
+                          description: 'clusterIP is the IP address of the service
+                            and is usually assigned randomly by the master. If an
+                            address is specified manually and is not in use by others,
+                            it will be allocated to the service; otherwise, creation
+                            of the service will fail. This field can not be changed
+                            through updates. Valid values are "None", empty string
+                            (""), or a valid IP address. "None" can be specified for
+                            headless services when proxying is not required. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        externalIPs:
+                          description: externalIPs is a list of IP addresses for which
+                            nodes in the cluster will also accept traffic for this
+                            service.  These IPs are not managed by Kubernetes.  The
+                            user is responsible for ensuring that traffic arrives
+                            at a node with this IP.  A common example is external
+                            load-balancers that are not part of the Kubernetes system.
+                          items:
+                            type: string
+                          type: array
+                        externalName:
+                          description: externalName is the external reference that
+                            kubedns or equivalent will return as a CNAME record for
+                            this service. No proxying will be involved. Must be a
+                            valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
+                            and requires Type to be ExternalName.
+                          type: string
+                        externalTrafficPolicy:
+                          description: externalTrafficPolicy denotes if this Service
+                            desires to route external traffic to node-local or cluster-wide
+                            endpoints. "Local" preserves the client source IP and
+                            avoids a second hop for LoadBalancer and Nodeport type
+                            services, but risks potentially imbalanced traffic spreading.
+                            "Cluster" obscures the client source IP and may cause
+                            a second hop to another node, but should have good overall
+                            load-spreading.
+                          type: string
+                        healthCheckNodePort:
+                          description: healthCheckNodePort specifies the healthcheck
+                            nodePort for the service. If not specified, HealthCheckNodePort
+                            is created by the service api backend with the allocated
+                            nodePort. Will use user-specified nodePort value if specified
+                            by the client. Only effects when Type is set to LoadBalancer
+                            and ExternalTrafficPolicy is set to Local.
+                          format: int32
+                          type: integer
+                        ipFamily:
+                          description: ipFamily specifies whether this Service has
+                            a preference for a particular IP family (e.g. IPv4 vs.
+                            IPv6).  If a specific IP family is requested, the clusterIP
+                            field will be allocated from that family, if it is available
+                            in the cluster.  If no IP family is requested, the cluster's
+                            primary IP family will be used. Other IP fields (loadBalancerIP,
+                            loadBalancerSourceRanges, externalIPs) and controllers
+                            which allocate external load-balancers should use the
+                            same IP family.  Endpoints for this Service will be of
+                            this family.  This field is immutable after creation.
+                            Assigning a ServiceIPFamily not available in the cluster
+                            (e.g. IPv6 in IPv4 only cluster) is an error condition
+                            and will fail during clusterIP assignment.
+                          type: string
+                        loadBalancerIP:
+                          description: 'Only applies to Service Type: LoadBalancer
+                            LoadBalancer will get created with the IP specified in
+                            this field. This feature depends on whether the underlying
+                            cloud-provider supports specifying the loadBalancerIP
+                            when a load balancer is created. This field will be ignored
+                            if the cloud-provider does not support the feature.'
+                          type: string
+                        loadBalancerSourceRanges:
+                          description: 'If specified and supported by the platform,
+                            this will restrict traffic through the cloud-provider
+                            load-balancer will be restricted to the specified client
+                            IPs. This field will be ignored if the cloud-provider
+                            does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/'
+                          items:
+                            type: string
+                          type: array
+                        ports:
+                          description: 'The list of ports that are exposed by this
+                            service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          items:
+                            description: ServicePort contains information on service's
+                              port.
+                            properties:
+                              name:
+                                description: The name of this port within the service.
+                                  This must be a DNS_LABEL. All ports within a ServiceSpec
+                                  must have unique names. When considering the endpoints
+                                  for a Service, this must match the 'name' field
+                                  in the EndpointPort. Optional if only one ServicePort
+                                  is defined on this service.
+                                type: string
+                              nodePort:
+                                description: 'The port on each node on which this
+                                  service is exposed when type=NodePort or LoadBalancer.
+                                  Usually assigned by the system. If specified, it
+                                  will be allocated to the service if unused or else
+                                  creation of the service will fail. Default is to
+                                  auto-allocate a port if the ServiceType of this
+                                  Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+                                format: int32
+                                type: integer
+                              port:
+                                description: The port that will be exposed by this
+                                  service.
+                                format: int32
+                                type: integer
+                              protocol:
+                                description: The IP protocol for this port. Supports
+                                  "TCP", "UDP", and "SCTP". Default is TCP.
+                                type: string
+                              targetPort:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                description: 'Number or name of the port to access
+                                  on the pods targeted by the service. Number must
+                                  be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+                                  If this is a string, it will be looked up as a named
+                                  port in the target Pod''s container ports. If this
+                                  is not specified, the value of the ''port'' field
+                                  is used (an identity map). This field is ignored
+                                  for services with clusterIP=None, and should be
+                                  omitted or set equal to the ''port'' field. More
+                                  info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+                            required:
+                            - port
+                            type: object
+                          type: array
+                        publishNotReadyAddresses:
+                          description: publishNotReadyAddresses, when set to true,
+                            indicates that DNS implementations must publish the notReadyAddresses
+                            of subsets for the Endpoints associated with the Service.
+                            The default value is false. The primary use case for setting
+                            this field is to use a StatefulSet's Headless Service
+                            to propagate SRV records for its Pods without respect
+                            to their readiness for purpose of peer discovery.
+                          type: boolean
+                        selector:
+                          additionalProperties:
+                            type: string
+                          description: 'Route service traffic to pods with label keys
+                            and values matching this selector. If empty or not present,
+                            the service is assumed to have an external process managing
+                            its endpoints, which Kubernetes will not modify. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+                          type: object
+                        sessionAffinity:
+                          description: 'Supports "ClientIP" and "None". Used to maintain
+                            session affinity. Enable client IP based session affinity.
+                            Must be ClientIP or None. Defaults to None. More info:
+                            https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        sessionAffinityConfig:
+                          description: sessionAffinityConfig contains the configurations
+                            of session affinity.
+                          properties:
+                            clientIP:
+                              description: clientIP contains the configurations of
+                                Client IP based session affinity.
+                              properties:
+                                timeoutSeconds:
+                                  description: timeoutSeconds specifies the seconds
+                                    of ClientIP type session sticky time. The value
+                                    must be >0 && <=86400(for 1 day) if ServiceAffinity
+                                    == "ClientIP". Default value is 10800(for 3 hours).
+                                  format: int32
+                                  type: integer
+                              type: object
+                          type: object
+                        topologyKeys:
+                          description: topologyKeys is a preference-order list of
+                            topology keys which implementations of services should
+                            use to preferentially sort endpoints when accessing this
+                            Service, it can not be used at the same time as externalTrafficPolicy=Local.
+                            Topology keys must be valid label keys and at most 16
+                            keys may be specified. Endpoints are chosen based on the
+                            first topology key with available backends. If this field
+                            is specified and all entries have no backends that match
+                            the topology of the client, the service has no backends
+                            for that client and connections should fail. The special
+                            value "*" may be used to mean "any topology". This catch-all
+                            value, if used, only makes sense as the last value in
+                            the list. If this is not specified or empty, no topology
+                            constraints will be applied.
+                          items:
+                            type: string
+                          type: array
+                        type:
+                          description: 'type determines how the Service is exposed.
+                            Defaults to ClusterIP. Valid options are ExternalName,
+                            ClusterIP, NodePort, and LoadBalancer. "ExternalName"
+                            maps to the specified externalName. "ClusterIP" allocates
+                            a cluster-internal IP address for load-balancing to endpoints.
+                            Endpoints are determined by the selector or if that is
+                            not specified, by manual construction of an Endpoints
+                            object. If clusterIP is "None", no virtual IP is allocated
+                            and the endpoints are published as a set of endpoints
+                            rather than a stable IP. "NodePort" builds on ClusterIP
+                            and allocates a port on every node which routes to the
+                            clusterIP. "LoadBalancer" builds on NodePort and creates
+                            an external load-balancer (if supported in the current
+                            cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+                          type: string
+                      type: object
+                  type: object
+              type: object
+            updateStrategy:
+              description: UpdateStrategy specifies how updates to the cluster should
+                be performed.
+              properties:
+                changeBudget:
+                  description: ChangeBudget defines the constraints to consider when
+                    applying changes to the Elasticsearch cluster.
+                  properties:
+                    maxSurge:
+                      description: MaxSurge is the maximum number of new pods that
+                        can be created exceeding the original number of pods defined
+                        in the specification. MaxSurge is only taken into consideration
+                        when scaling up. Setting a negative value will disable the
+                        restriction. Defaults to unbounded if not specified.
+                      format: int32
+                      type: integer
+                    maxUnavailable:
+                      description: MaxUnavailable is the maximum number of pods that
+                        can be unavailable (not ready) during the update due to circumstances
+                        under the control of the operator. Setting a negative value
+                        will disable this restriction. Defaults to 1 if not specified.
+                      format: int32
+                      type: integer
+                  type: object
+              type: object
+            version:
+              description: Version of Elasticsearch.
+              type: string
+          required:
+          - nodeSets
+          - version
+          type: object
+        status:
+          description: ElasticsearchStatus defines the observed state of Elasticsearch
+          properties:
+            availableNodes:
+              format: int32
+              type: integer
+            health:
+              description: ElasticsearchHealth is the health of the cluster as returned
+                by the health API.
+              type: string
+            phase:
+              description: ElasticsearchOrchestrationPhase is the phase Elasticsearch
+                is in from the controller point of view.
+              type: string
+          type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
+  - name: v1beta1
+    served: true
+    storage: false
+  - name: v1alpha1
+    served: false
+    storage: false
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: enterprisesearches.enterprisesearch.k8s.elastic.co
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.health
+    name: health
+    type: string
+  - JSONPath: .status.availableNodes
+    description: Available nodes
+    name: nodes
+    type: integer
+  - JSONPath: .spec.version
+    description: Enterprise Search version
+    name: version
+    type: string
+  - JSONPath: .metadata.creationTimestamp
+    name: age
+    type: date
+  group: enterprisesearch.k8s.elastic.co
+  names:
+    categories:
+    - elastic
+    kind: EnterpriseSearch
+    listKind: EnterpriseSearchList
+    plural: enterprisesearches
+    shortNames:
+    - ent
+    singular: enterprisesearch
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search.
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: EnterpriseSearchSpec holds the specification of an Enterprise
+            Search resource.
+          properties:
+            config:
+              description: Config holds the Enterprise Search configuration.
+              type: object
+            configRef:
+              description: ConfigRef contains a reference to an existing Kubernetes
+                Secret holding the Enterprise Search configuration. Configuration
+                settings are merged and have precedence over settings specified in
+                `config`.
+              properties:
+                secretName:
+                  description: SecretName is the name of the secret.
+                  type: string
+              type: object
+            count:
+              description: Count of Enterprise Search instances to deploy.
+              format: int32
+              type: integer
+            elasticsearchRef:
+              description: ElasticsearchRef is a reference to the Elasticsearch cluster
+                running in the same Kubernetes cluster.
+              properties:
+                name:
+                  description: Name of the Kubernetes object.
+                  type: string
+                namespace:
+                  description: Namespace of the Kubernetes object. If empty, defaults
+                    to the current namespace.
+                  type: string
+              required:
+              - name
+              type: object
+            http:
+              description: HTTP holds the HTTP layer configuration for Enterprise
+                Search resource.
+              properties:
+                service:
+                  description: Service defines the template for the associated Kubernetes
+                    Service object.
+                  properties:
+                    metadata:
+                      description: ObjectMeta is the metadata of the service. The
+                        name and namespace provided here are managed by ECK and will
+                        be ignored.
+                      type: object
+                    spec:
+                      description: Spec is the specification of the service.
+                      properties:
+                        clusterIP:
+                          description: 'clusterIP is the IP address of the service
+                            and is usually assigned randomly by the master. If an
+                            address is specified manually and is not in use by others,
+                            it will be allocated to the service; otherwise, creation
+                            of the service will fail. This field can not be changed
+                            through updates. Valid values are "None", empty string
+                            (""), or a valid IP address. "None" can be specified for
+                            headless services when proxying is not required. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        externalIPs:
+                          description: externalIPs is a list of IP addresses for which
+                            nodes in the cluster will also accept traffic for this
+                            service.  These IPs are not managed by Kubernetes.  The
+                            user is responsible for ensuring that traffic arrives
+                            at a node with this IP.  A common example is external
+                            load-balancers that are not part of the Kubernetes system.
+                          items:
+                            type: string
+                          type: array
+                        externalName:
+                          description: externalName is the external reference that
+                            kubedns or equivalent will return as a CNAME record for
+                            this service. No proxying will be involved. Must be a
+                            valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
+                            and requires Type to be ExternalName.
+                          type: string
+                        externalTrafficPolicy:
+                          description: externalTrafficPolicy denotes if this Service
+                            desires to route external traffic to node-local or cluster-wide
+                            endpoints. "Local" preserves the client source IP and
+                            avoids a second hop for LoadBalancer and Nodeport type
+                            services, but risks potentially imbalanced traffic spreading.
+                            "Cluster" obscures the client source IP and may cause
+                            a second hop to another node, but should have good overall
+                            load-spreading.
+                          type: string
+                        healthCheckNodePort:
+                          description: healthCheckNodePort specifies the healthcheck
+                            nodePort for the service. If not specified, HealthCheckNodePort
+                            is created by the service api backend with the allocated
+                            nodePort. Will use user-specified nodePort value if specified
+                            by the client. Only effects when Type is set to LoadBalancer
+                            and ExternalTrafficPolicy is set to Local.
+                          format: int32
+                          type: integer
+                        ipFamily:
+                          description: ipFamily specifies whether this Service has
+                            a preference for a particular IP family (e.g. IPv4 vs.
+                            IPv6).  If a specific IP family is requested, the clusterIP
+                            field will be allocated from that family, if it is available
+                            in the cluster.  If no IP family is requested, the cluster's
+                            primary IP family will be used. Other IP fields (loadBalancerIP,
+                            loadBalancerSourceRanges, externalIPs) and controllers
+                            which allocate external load-balancers should use the
+                            same IP family.  Endpoints for this Service will be of
+                            this family.  This field is immutable after creation.
+                            Assigning a ServiceIPFamily not available in the cluster
+                            (e.g. IPv6 in IPv4 only cluster) is an error condition
+                            and will fail during clusterIP assignment.
+                          type: string
+                        loadBalancerIP:
+                          description: 'Only applies to Service Type: LoadBalancer
+                            LoadBalancer will get created with the IP specified in
+                            this field. This feature depends on whether the underlying
+                            cloud-provider supports specifying the loadBalancerIP
+                            when a load balancer is created. This field will be ignored
+                            if the cloud-provider does not support the feature.'
+                          type: string
+                        loadBalancerSourceRanges:
+                          description: 'If specified and supported by the platform,
+                            this will restrict traffic through the cloud-provider
+                            load-balancer will be restricted to the specified client
+                            IPs. This field will be ignored if the cloud-provider
+                            does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/'
+                          items:
+                            type: string
+                          type: array
+                        ports:
+                          description: 'The list of ports that are exposed by this
+                            service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          items:
+                            description: ServicePort contains information on service's
+                              port.
+                            properties:
+                              name:
+                                description: The name of this port within the service.
+                                  This must be a DNS_LABEL. All ports within a ServiceSpec
+                                  must have unique names. When considering the endpoints
+                                  for a Service, this must match the 'name' field
+                                  in the EndpointPort. Optional if only one ServicePort
+                                  is defined on this service.
+                                type: string
+                              nodePort:
+                                description: 'The port on each node on which this
+                                  service is exposed when type=NodePort or LoadBalancer.
+                                  Usually assigned by the system. If specified, it
+                                  will be allocated to the service if unused or else
+                                  creation of the service will fail. Default is to
+                                  auto-allocate a port if the ServiceType of this
+                                  Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+                                format: int32
+                                type: integer
+                              port:
+                                description: The port that will be exposed by this
+                                  service.
+                                format: int32
+                                type: integer
+                              protocol:
+                                description: The IP protocol for this port. Supports
+                                  "TCP", "UDP", and "SCTP". Default is TCP.
+                                type: string
+                              targetPort:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                description: 'Number or name of the port to access
+                                  on the pods targeted by the service. Number must
+                                  be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+                                  If this is a string, it will be looked up as a named
+                                  port in the target Pod''s container ports. If this
+                                  is not specified, the value of the ''port'' field
+                                  is used (an identity map). This field is ignored
+                                  for services with clusterIP=None, and should be
+                                  omitted or set equal to the ''port'' field. More
+                                  info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+                            required:
+                            - port
+                            type: object
+                          type: array
+                        publishNotReadyAddresses:
+                          description: publishNotReadyAddresses, when set to true,
+                            indicates that DNS implementations must publish the notReadyAddresses
+                            of subsets for the Endpoints associated with the Service.
+                            The default value is false. The primary use case for setting
+                            this field is to use a StatefulSet's Headless Service
+                            to propagate SRV records for its Pods without respect
+                            to their readiness for purpose of peer discovery.
+                          type: boolean
+                        selector:
+                          additionalProperties:
+                            type: string
+                          description: 'Route service traffic to pods with label keys
+                            and values matching this selector. If empty or not present,
+                            the service is assumed to have an external process managing
+                            its endpoints, which Kubernetes will not modify. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+                          type: object
+                        sessionAffinity:
+                          description: 'Supports "ClientIP" and "None". Used to maintain
+                            session affinity. Enable client IP based session affinity.
+                            Must be ClientIP or None. Defaults to None. More info:
+                            https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        sessionAffinityConfig:
+                          description: sessionAffinityConfig contains the configurations
+                            of session affinity.
+                          properties:
+                            clientIP:
+                              description: clientIP contains the configurations of
+                                Client IP based session affinity.
+                              properties:
+                                timeoutSeconds:
+                                  description: timeoutSeconds specifies the seconds
+                                    of ClientIP type session sticky time. The value
+                                    must be >0 && <=86400(for 1 day) if ServiceAffinity
+                                    == "ClientIP". Default value is 10800(for 3 hours).
+                                  format: int32
+                                  type: integer
+                              type: object
+                          type: object
+                        topologyKeys:
+                          description: topologyKeys is a preference-order list of
+                            topology keys which implementations of services should
+                            use to preferentially sort endpoints when accessing this
+                            Service, it can not be used at the same time as externalTrafficPolicy=Local.
+                            Topology keys must be valid label keys and at most 16
+                            keys may be specified. Endpoints are chosen based on the
+                            first topology key with available backends. If this field
+                            is specified and all entries have no backends that match
+                            the topology of the client, the service has no backends
+                            for that client and connections should fail. The special
+                            value "*" may be used to mean "any topology". This catch-all
+                            value, if used, only makes sense as the last value in
+                            the list. If this is not specified or empty, no topology
+                            constraints will be applied.
+                          items:
+                            type: string
+                          type: array
+                        type:
+                          description: 'type determines how the Service is exposed.
+                            Defaults to ClusterIP. Valid options are ExternalName,
+                            ClusterIP, NodePort, and LoadBalancer. "ExternalName"
+                            maps to the specified externalName. "ClusterIP" allocates
+                            a cluster-internal IP address for load-balancing to endpoints.
+                            Endpoints are determined by the selector or if that is
+                            not specified, by manual construction of an Endpoints
+                            object. If clusterIP is "None", no virtual IP is allocated
+                            and the endpoints are published as a set of endpoints
+                            rather than a stable IP. "NodePort" builds on ClusterIP
+                            and allocates a port on every node which routes to the
+                            clusterIP. "LoadBalancer" builds on NodePort and creates
+                            an external load-balancer (if supported in the current
+                            cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+                          type: string
+                      type: object
+                  type: object
+                tls:
+                  description: TLS defines options for configuring TLS for HTTP.
+                  properties:
+                    certificate:
+                      description: "Certificate is a reference to a Kubernetes secret
+                        that contains the certificate and private key for enabling
+                        TLS. The referenced secret should contain the following: \n
+                        - `ca.crt`: The certificate authority (optional). - `tls.crt`:
+                        The certificate (or a chain). - `tls.key`: The private key
+                        to the first certificate in the certificate chain."
+                      properties:
+                        secretName:
+                          description: SecretName is the name of the secret.
+                          type: string
+                      type: object
+                    selfSignedCertificate:
+                      description: SelfSignedCertificate allows configuring the self-signed
+                        certificate generated by the operator.
+                      properties:
+                        disabled:
+                          description: Disabled indicates that the provisioning of
+                            the self-signed certifcate should be disabled.
+                          type: boolean
+                        subjectAltNames:
+                          description: SubjectAlternativeNames is a list of SANs to
+                            include in the generated HTTP TLS certificate.
+                          items:
+                            description: SubjectAlternativeName represents a SAN entry
+                              in a x509 certificate.
+                            properties:
+                              dns:
+                                description: DNS is the DNS name of the subject.
+                                type: string
+                              ip:
+                                description: IP is the IP address of the subject.
+                                type: string
+                            type: object
+                          type: array
+                      type: object
+                  type: object
+              type: object
+            image:
+              description: Image is the Enterprise Search Docker image to deploy.
+              type: string
+            podTemplate:
+              description: PodTemplate provides customisation options (labels, annotations,
+                affinity rules, resource requests, and so on) for the Enterprise Search
+                pods.
+              type: object
+            serviceAccountName:
+              description: ServiceAccountName is used to check access from the current
+                resource to a resource (eg. Elasticsearch) in a different namespace.
+                Can only be used if ECK is enforcing RBAC on references.
+              type: string
+            version:
+              description: Version of Enterprise Search.
+              type: string
+          type: object
+        status:
+          description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch
+          properties:
+            associationStatus:
+              description: Association is the status of any auto-linking to Elasticsearch
+                clusters.
+              type: string
+            availableNodes:
+              format: int32
+              type: integer
+            health:
+              description: EnterpriseSearchHealth expresses the health of the Enterprise
+                Search instances.
+              type: string
+            service:
+              description: ExternalService is the name of the service associated to
+                the Enterprise Search Pods.
+              type: string
+          type: object
+  version: v1beta1
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: kibanas.kibana.k8s.elastic.co
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.health
+    name: health
+    type: string
+  - JSONPath: .status.availableNodes
+    description: Available nodes
+    name: nodes
+    type: integer
+  - JSONPath: .spec.version
+    description: Kibana version
+    name: version
+    type: string
+  - JSONPath: .metadata.creationTimestamp
+    name: age
+    type: date
+  group: kibana.k8s.elastic.co
+  names:
+    categories:
+    - elastic
+    kind: Kibana
+    listKind: KibanaList
+    plural: kibanas
+    shortNames:
+    - kb
+    singular: kibana
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: Kibana represents a Kibana resource in a Kubernetes cluster.
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: KibanaSpec holds the specification of a Kibana instance.
+          properties:
+            config:
+              description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html'
+              type: object
+            count:
+              description: Count of Kibana instances to deploy.
+              format: int32
+              type: integer
+            elasticsearchRef:
+              description: ElasticsearchRef is a reference to an Elasticsearch cluster
+                running in the same Kubernetes cluster.
+              properties:
+                name:
+                  description: Name of the Kubernetes object.
+                  type: string
+                namespace:
+                  description: Namespace of the Kubernetes object. If empty, defaults
+                    to the current namespace.
+                  type: string
+              required:
+              - name
+              type: object
+            http:
+              description: HTTP holds the HTTP layer configuration for Kibana.
+              properties:
+                service:
+                  description: Service defines the template for the associated Kubernetes
+                    Service object.
+                  properties:
+                    metadata:
+                      description: ObjectMeta is the metadata of the service. The
+                        name and namespace provided here are managed by ECK and will
+                        be ignored.
+                      type: object
+                    spec:
+                      description: Spec is the specification of the service.
+                      properties:
+                        clusterIP:
+                          description: 'clusterIP is the IP address of the service
+                            and is usually assigned randomly by the master. If an
+                            address is specified manually and is not in use by others,
+                            it will be allocated to the service; otherwise, creation
+                            of the service will fail. This field can not be changed
+                            through updates. Valid values are "None", empty string
+                            (""), or a valid IP address. "None" can be specified for
+                            headless services when proxying is not required. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        externalIPs:
+                          description: externalIPs is a list of IP addresses for which
+                            nodes in the cluster will also accept traffic for this
+                            service.  These IPs are not managed by Kubernetes.  The
+                            user is responsible for ensuring that traffic arrives
+                            at a node with this IP.  A common example is external
+                            load-balancers that are not part of the Kubernetes system.
+                          items:
+                            type: string
+                          type: array
+                        externalName:
+                          description: externalName is the external reference that
+                            kubedns or equivalent will return as a CNAME record for
+                            this service. No proxying will be involved. Must be a
+                            valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
+                            and requires Type to be ExternalName.
+                          type: string
+                        externalTrafficPolicy:
+                          description: externalTrafficPolicy denotes if this Service
+                            desires to route external traffic to node-local or cluster-wide
+                            endpoints. "Local" preserves the client source IP and
+                            avoids a second hop for LoadBalancer and Nodeport type
+                            services, but risks potentially imbalanced traffic spreading.
+                            "Cluster" obscures the client source IP and may cause
+                            a second hop to another node, but should have good overall
+                            load-spreading.
+                          type: string
+                        healthCheckNodePort:
+                          description: healthCheckNodePort specifies the healthcheck
+                            nodePort for the service. If not specified, HealthCheckNodePort
+                            is created by the service api backend with the allocated
+                            nodePort. Will use user-specified nodePort value if specified
+                            by the client. Only effects when Type is set to LoadBalancer
+                            and ExternalTrafficPolicy is set to Local.
+                          format: int32
+                          type: integer
+                        ipFamily:
+                          description: ipFamily specifies whether this Service has
+                            a preference for a particular IP family (e.g. IPv4 vs.
+                            IPv6).  If a specific IP family is requested, the clusterIP
+                            field will be allocated from that family, if it is available
+                            in the cluster.  If no IP family is requested, the cluster's
+                            primary IP family will be used. Other IP fields (loadBalancerIP,
+                            loadBalancerSourceRanges, externalIPs) and controllers
+                            which allocate external load-balancers should use the
+                            same IP family.  Endpoints for this Service will be of
+                            this family.  This field is immutable after creation.
+                            Assigning a ServiceIPFamily not available in the cluster
+                            (e.g. IPv6 in IPv4 only cluster) is an error condition
+                            and will fail during clusterIP assignment.
+                          type: string
+                        loadBalancerIP:
+                          description: 'Only applies to Service Type: LoadBalancer
+                            LoadBalancer will get created with the IP specified in
+                            this field. This feature depends on whether the underlying
+                            cloud-provider supports specifying the loadBalancerIP
+                            when a load balancer is created. This field will be ignored
+                            if the cloud-provider does not support the feature.'
+                          type: string
+                        loadBalancerSourceRanges:
+                          description: 'If specified and supported by the platform,
+                            this will restrict traffic through the cloud-provider
+                            load-balancer will be restricted to the specified client
+                            IPs. This field will be ignored if the cloud-provider
+                            does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/'
+                          items:
+                            type: string
+                          type: array
+                        ports:
+                          description: 'The list of ports that are exposed by this
+                            service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          items:
+                            description: ServicePort contains information on service's
+                              port.
+                            properties:
+                              name:
+                                description: The name of this port within the service.
+                                  This must be a DNS_LABEL. All ports within a ServiceSpec
+                                  must have unique names. When considering the endpoints
+                                  for a Service, this must match the 'name' field
+                                  in the EndpointPort. Optional if only one ServicePort
+                                  is defined on this service.
+                                type: string
+                              nodePort:
+                                description: 'The port on each node on which this
+                                  service is exposed when type=NodePort or LoadBalancer.
+                                  Usually assigned by the system. If specified, it
+                                  will be allocated to the service if unused or else
+                                  creation of the service will fail. Default is to
+                                  auto-allocate a port if the ServiceType of this
+                                  Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+                                format: int32
+                                type: integer
+                              port:
+                                description: The port that will be exposed by this
+                                  service.
+                                format: int32
+                                type: integer
+                              protocol:
+                                description: The IP protocol for this port. Supports
+                                  "TCP", "UDP", and "SCTP". Default is TCP.
+                                type: string
+                              targetPort:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                description: 'Number or name of the port to access
+                                  on the pods targeted by the service. Number must
+                                  be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+                                  If this is a string, it will be looked up as a named
+                                  port in the target Pod''s container ports. If this
+                                  is not specified, the value of the ''port'' field
+                                  is used (an identity map). This field is ignored
+                                  for services with clusterIP=None, and should be
+                                  omitted or set equal to the ''port'' field. More
+                                  info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+                            required:
+                            - port
+                            type: object
+                          type: array
+                        publishNotReadyAddresses:
+                          description: publishNotReadyAddresses, when set to true,
+                            indicates that DNS implementations must publish the notReadyAddresses
+                            of subsets for the Endpoints associated with the Service.
+                            The default value is false. The primary use case for setting
+                            this field is to use a StatefulSet's Headless Service
+                            to propagate SRV records for its Pods without respect
+                            to their readiness for purpose of peer discovery.
+                          type: boolean
+                        selector:
+                          additionalProperties:
+                            type: string
+                          description: 'Route service traffic to pods with label keys
+                            and values matching this selector. If empty or not present,
+                            the service is assumed to have an external process managing
+                            its endpoints, which Kubernetes will not modify. Only
+                            applies to types ClusterIP, NodePort, and LoadBalancer.
+                            Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+                          type: object
+                        sessionAffinity:
+                          description: 'Supports "ClientIP" and "None". Used to maintain
+                            session affinity. Enable client IP based session affinity.
+                            Must be ClientIP or None. Defaults to None. More info:
+                            https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                          type: string
+                        sessionAffinityConfig:
+                          description: sessionAffinityConfig contains the configurations
+                            of session affinity.
+                          properties:
+                            clientIP:
+                              description: clientIP contains the configurations of
+                                Client IP based session affinity.
+                              properties:
+                                timeoutSeconds:
+                                  description: timeoutSeconds specifies the seconds
+                                    of ClientIP type session sticky time. The value
+                                    must be >0 && <=86400(for 1 day) if ServiceAffinity
+                                    == "ClientIP". Default value is 10800(for 3 hours).
+                                  format: int32
+                                  type: integer
+                              type: object
+                          type: object
+                        topologyKeys:
+                          description: topologyKeys is a preference-order list of
+                            topology keys which implementations of services should
+                            use to preferentially sort endpoints when accessing this
+                            Service, it can not be used at the same time as externalTrafficPolicy=Local.
+                            Topology keys must be valid label keys and at most 16
+                            keys may be specified. Endpoints are chosen based on the
+                            first topology key with available backends. If this field
+                            is specified and all entries have no backends that match
+                            the topology of the client, the service has no backends
+                            for that client and connections should fail. The special
+                            value "*" may be used to mean "any topology". This catch-all
+                            value, if used, only makes sense as the last value in
+                            the list. If this is not specified or empty, no topology
+                            constraints will be applied.
+                          items:
+                            type: string
+                          type: array
+                        type:
+                          description: 'type determines how the Service is exposed.
+                            Defaults to ClusterIP. Valid options are ExternalName,
+                            ClusterIP, NodePort, and LoadBalancer. "ExternalName"
+                            maps to the specified externalName. "ClusterIP" allocates
+                            a cluster-internal IP address for load-balancing to endpoints.
+                            Endpoints are determined by the selector or if that is
+                            not specified, by manual construction of an Endpoints
+                            object. If clusterIP is "None", no virtual IP is allocated
+                            and the endpoints are published as a set of endpoints
+                            rather than a stable IP. "NodePort" builds on ClusterIP
+                            and allocates a port on every node which routes to the
+                            clusterIP. "LoadBalancer" builds on NodePort and creates
+                            an external load-balancer (if supported in the current
+                            cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+                          type: string
+                      type: object
+                  type: object
+                tls:
+                  description: TLS defines options for configuring TLS for HTTP.
+                  properties:
+                    certificate:
+                      description: "Certificate is a reference to a Kubernetes secret
+                        that contains the certificate and private key for enabling
+                        TLS. The referenced secret should contain the following: \n
+                        - `ca.crt`: The certificate authority (optional). - `tls.crt`:
+                        The certificate (or a chain). - `tls.key`: The private key
+                        to the first certificate in the certificate chain."
+                      properties:
+                        secretName:
+                          description: SecretName is the name of the secret.
+                          type: string
+                      type: object
+                    selfSignedCertificate:
+                      description: SelfSignedCertificate allows configuring the self-signed
+                        certificate generated by the operator.
+                      properties:
+                        disabled:
+                          description: Disabled indicates that the provisioning of
+                            the self-signed certifcate should be disabled.
+                          type: boolean
+                        subjectAltNames:
+                          description: SubjectAlternativeNames is a list of SANs to
+                            include in the generated HTTP TLS certificate.
+                          items:
+                            description: SubjectAlternativeName represents a SAN entry
+                              in a x509 certificate.
+                            properties:
+                              dns:
+                                description: DNS is the DNS name of the subject.
+                                type: string
+                              ip:
+                                description: IP is the IP address of the subject.
+                                type: string
+                            type: object
+                          type: array
+                      type: object
+                  type: object
+              type: object
+            image:
+              description: Image is the Kibana Docker image to deploy.
+              type: string
+            podTemplate:
+              description: PodTemplate provides customisation options (labels, annotations,
+                affinity rules, resource requests, and so on) for the Kibana pods
+              type: object
+            secureSettings:
+              description: SecureSettings is a list of references to Kubernetes secrets
+                containing sensitive configuration options for Kibana.
+              items:
+                description: SecretSource defines a data source based on a Kubernetes
+                  Secret.
+                properties:
+                  entries:
+                    description: Entries define how to project each key-value pair
+                      in the secret to filesystem paths. If not defined, all keys
+                      will be projected to similarly named paths in the filesystem.
+                      If defined, only the specified keys will be projected to the
+                      corresponding paths.
+                    items:
+                      description: KeyToPath defines how to map a key in a Secret
+                        object to a filesystem path.
+                      properties:
+                        key:
+                          description: Key is the key contained in the secret.
+                          type: string
+                        path:
+                          description: Path is the relative file path to map the key
+                            to. Path must not be an absolute file path and must not
+                            contain any ".." components.
+                          type: string
+                      required:
+                      - key
+                      type: object
+                    type: array
+                  secretName:
+                    description: SecretName is the name of the secret.
+                    type: string
+                required:
+                - secretName
+                type: object
+              type: array
+            serviceAccountName:
+              description: ServiceAccountName is used to check access from the current
+                resource to a resource (eg. Elasticsearch) in a different namespace.
+                Can only be used if ECK is enforcing RBAC on references.
+              type: string
+            version:
+              description: Version of Kibana.
+              type: string
+          required:
+          - version
+          type: object
+        status:
+          description: KibanaStatus defines the observed state of Kibana
+          properties:
+            associationStatus:
+              description: AssociationStatus is the status of an association resource.
+              type: string
+            availableNodes:
+              format: int32
+              type: integer
+            health:
+              description: KibanaHealth expresses the status of the Kibana instances.
+              type: string
+          type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
+  - name: v1beta1
+    served: true
+    storage: false
+  - name: v1alpha1
+    served: false
+    storage: false
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+
+---
+# Source: eck/templates/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: elastic-system
+---
+# Source: eck/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: elastic-operator
+  namespace: elastic-system
+---
+# Source: eck/templates/webhook.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "elastic-webhook-server-cert"
+  namespace: elastic-system
+---
+# Source: eck/templates/cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: elastic-operator
+rules:
+- apiGroups:
+  - "authorization.k8s.io"
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - endpoints
+  - events
+  - persistentvolumeclaims
+  - secrets
+  - services
+  - configmaps
+  - serviceaccounts
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  - daemonsets
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - elasticsearch.k8s.elastic.co
+  resources:
+  - elasticsearches
+  - elasticsearches/status
+  - elasticsearches/finalizers
+  - enterpriselicenses
+  - enterpriselicenses/status
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - kibana.k8s.elastic.co
+  resources:
+  - kibanas
+  - kibanas/status
+  - kibanas/finalizers
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - apm.k8s.elastic.co
+  resources:
+  - apmservers
+  - apmservers/status
+  - apmservers/finalizers
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - enterprisesearch.k8s.elastic.co
+  resources:
+  - enterprisesearches
+  - enterprisesearches/status
+  - enterprisesearches/finalizers
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - beat.k8s.elastic.co
+  resources:
+  - beats
+  - beats/status
+  - beats/finalizers
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+---
+# Source: eck/templates/cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: "elastic-operator-view"
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+  - apiGroups: ["elasticsearch.k8s.elastic.co"]
+    resources: ["elasticsearches"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apm.k8s.elastic.co"]
+    resources: ["apmservers"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["kibana.k8s.elastic.co"]
+    resources: ["kibanas"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["enterprisesearch.k8s.elastic.co"]
+    resources: ["enterprisesearches"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["beat.k8s.elastic.co"]
+    resources: ["beats"]
+    verbs: ["get", "list", "watch"]
+---
+# Source: eck/templates/cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: "elastic-operator-edit"
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+  - apiGroups: ["elasticsearch.k8s.elastic.co"]
+    resources: ["elasticsearches"]
+    verbs: ["create", "delete", "deletecollection", "patch", "update"]
+  - apiGroups: ["apm.k8s.elastic.co"]
+    resources: ["apmservers"]
+    verbs: ["create", "delete", "deletecollection", "patch", "update"]
+  - apiGroups: ["kibana.k8s.elastic.co"]
+    resources: ["kibanas"]
+    verbs: ["create", "delete", "deletecollection", "patch", "update"]
+  - apiGroups: ["enterprisesearch.k8s.elastic.co"]
+    resources: ["enterprisesearches"]
+    verbs: ["create", "delete", "deletecollection", "patch", "update"]
+  - apiGroups: ["beat.k8s.elastic.co"]
+    resources: ["beats"]
+    verbs: ["create", "delete", "deletecollection", "patch", "update"]
+---
+# Source: eck/templates/managed-ns-role-bindings.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: elastic-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: elastic-operator
+subjects:
+- kind: ServiceAccount
+  name: elastic-operator
+  namespace: elastic-system
+---
+# Source: eck/templates/operator-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: elastic-operator
+  namespace: elastic-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: elastic-operator
+subjects:
+- kind: ServiceAccount
+  name: elastic-operator
+  namespace: elastic-system
+---
+# Source: eck/templates/webhook.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: elastic-webhook-server
+  namespace: elastic-system
+spec:
+  ports:
+    - name: https
+      port: 443
+      targetPort: 9443
+  selector:
+    control-plane: elastic-operator
+---
+# Source: eck/templates/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: elastic-operator
+  namespace: elastic-system
+  labels:
+    control-plane: elastic-operator
+spec:
+  selector:
+    matchLabels:
+      control-plane: elastic-operator
+  serviceName: elastic-operator
+  template:
+    metadata:
+      annotations:
+        # Rename the fields "error" to "error.message" and "source" to "event.source"
+        # This is to avoid a conflict with the ECS "error" and "source" documents.
+        "co.elastic.logs/raw": "[{\"type\":\"container\",\"json.keys_under_root\":true,\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]"
+      labels:
+        control-plane: elastic-operator
+    spec:
+      terminationGracePeriodSeconds: 10
+      serviceAccountName: elastic-operator
+      containers:
+      - image: "docker.elastic.co/eck/eck-operator:1.2.1"
+        imagePullPolicy: IfNotPresent
+        name: manager
+        args:
+          - "manager"
+          - "--log-verbosity=0"
+          - "--metrics-port=0"
+          - "--container-registry=docker.elastic.co"
+          - "--max-concurrent-reconciles=3"
+          - "--ca-cert-validity=8760h"
+          - "--ca-cert-rotate-before=24h"
+          - "--cert-validity=8760h"
+          - "--cert-rotate-before=24h"
+          - "--enable-webhook"
+        env:
+          - name: OPERATOR_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: OPERATOR_IMAGE
+            value: "docker.elastic.co/eck/eck-operator:1.2.1"
+          - name: WEBHOOK_SECRET
+            value: "elastic-webhook-server-cert"
+        resources:
+            limits:
+              cpu: 1
+              memory: 512Mi
+            requests:
+              cpu: 100m
+              memory: 150Mi
+        ports:
+        - containerPort: 9443
+          name: https-webhook
+          protocol: TCP
+        volumeMounts:
+          - mountPath: /tmp/k8s-webhook-server/serving-certs
+            name: cert
+            readOnly: true
+      volumes:
+        - name: cert
+          secret:
+            defaultMode: 420
+            secretName: "elastic-webhook-server-cert"
+---
+# Source: eck/templates/webhook.yaml
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: elastic-webhook.k8s.elastic.co
+webhooks:
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: elastic-webhook-server
+      namespace: elastic-system
+      path: /validate-apm-k8s-elastic-co-v1-apmserver
+  failurePolicy: Ignore
+  name: elastic-apm-validation-v1.k8s.elastic.co
+  rules:
+  - apiGroups:
+    - apm.k8s.elastic.co
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - apmservers
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: elastic-webhook-server
+      namespace: elastic-system
+      path: /validate-apm-k8s-elastic-co-v1beta1-apmserver
+  failurePolicy: Ignore
+  name: elastic-apm-validation-v1beta1.k8s.elastic.co
+  rules:
+  - apiGroups:
+    - apm.k8s.elastic.co
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - apmservers
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: elastic-webhook-server
+      namespace: elastic-system
+      path: /validate-beat-k8s-elastic-co-v1beta1-beat
+  failurePolicy: Ignore
+  name: elastic-beat-validation-v1beta1.k8s.elastic.co
+  rules:
+  - apiGroups:
+    - beat.k8s.elastic.co
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - beats
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: elastic-webhook-server
+      namespace: elastic-system
+      path: /validate-elasticsearch-k8s-elastic-co-v1-elasticsearch
+  failurePolicy: Ignore
+  name: elastic-es-validation-v1.k8s.elastic.co
+  rules:
+  - apiGroups:
+    - elasticsearch.k8s.elastic.co
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - elasticsearches
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: elastic-webhook-server
+      namespace: elastic-system
+      path: /validate-elasticsearch-k8s-elastic-co-v1beta1-elasticsearch
+  failurePolicy: Ignore
+  name: elastic-es-validation-v1beta1.k8s.elastic.co
+  rules:
+  - apiGroups:
+    - elasticsearch.k8s.elastic.co
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - elasticsearches
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: elastic-webhook-server
+      namespace: elastic-system
+      path: /validate-kibana-k8s-elastic-co-v1-kibana
+  failurePolicy: Ignore
+  name: elastic-kb-validation-v1.k8s.elastic.co
+  rules:
+  - apiGroups:
+    - kibana.k8s.elastic.co
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kibanas
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: elastic-webhook-server
+      namespace: elastic-system
+      path: /validate-kibana-k8s-elastic-co-v1beta1-kibana
+  failurePolicy: Ignore
+  name: elastic-kb-validation-v1beta1.k8s.elastic.co
+  rules:
+  - apiGroups:
+    - kibana.k8s.elastic.co
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kibanas
+
diff --git a/base/logging/eck-operator/kustomization.yaml b/base/logging/eck-operator/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6729459466ccc2c785d2176a6f5ad9cec226888d
--- /dev/null
+++ b/base/logging/eck-operator/kustomization.yaml
@@ -0,0 +1,8 @@
+resources:
+  - all-in-one.yaml
+
+#images:
+#  # TODO: This image doesnt't work yet
+#  - name: docker.elastic.co/eck/eck-operator:1.2.1
+#    newName: registry1.dsop.io/ironbank/elastic/eck-operator/eck-operator
+#    newTag: 1.2.1
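Review bot: The commented-out `images:` entry uses `name: docker.elastic.co/eck/eck-operator:1.2.1`, but kustomize matches `name` against the image name without its tag, which is probably why the TODO says it does not work; `name: docker.elastic.co/eck/eck-operator` should match. Until the override is enabled, the operator is still pulled from the upstream registry by mutable tag, even though all-in-one.yaml binds it cluster-wide through the `elastic-operator` ClusterRoleBinding. The images transformer rewrites `image:` fields only, so the `OPERATOR_IMAGE` env value in the StatefulSet would need its own patch. The TODO comment also has a typo (`doesnt't`).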
diff --git a/base/logging/efk/elasticsearch.yaml b/base/logging/efk/elasticsearch.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..93605ce628705710f527b038b7a65ae052f94fbb
--- /dev/null
+++ b/base/logging/efk/elasticsearch.yaml
@@ -0,0 +1,81 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: elasticsearch
+spec:
+  version: 7.9.2
+  image: registry1.dsop.io/ironbank/elastic/elasticsearch/elasticsearch:7.9.2
+  nodeSets:
+    - name: master
+      count: 1
+      config:
+        node.master: true
+        node.data: false
+        node.ingest: false
+        node.store.allow_mmap: true
+        index.store.type: mmapfs
+        node.ml: false
+        xpack.ml.enabled: false
+        xpack.security.authc.token.enabled: true
+      podTemplate:
+        metadata:
+          annotations:
+            traffic.sidecar.istio.io/excludeOutboundPorts: "9300"
+            traffic.sidecar.istio.io/excludeInboundPorts: "9300"
+            fluentbit.io/exclude-istio-proxy: "true"
+            prometheus.istio.io/merge-metrics: "false"
+#        spec:
+#          automountServiceAccountToken: true
+#          containers:
+#            - name: elasticsearch
+#              env:
+#                - name: ES_JAVA_OPTS
+#                  value: "-Xms1g -Xmx1g"
+#              resources:
+#                requests:
+#                  memory: 2Gi
+#                  cpu: 0.5
+#                limits:
+#                  memory: 3Gi
+#                  cpu: 2
+    - name: data
+      count: 1
+      config:
+        node.master: false
+        node.data: true
+        node.ingest: true
+        node.store.allow_mmap: true
+        index.store.type: mmapfs
+        node.ml: false
+        xpack.ml.enabled: false
+        xpack.security.authc.token.enabled: true
+      podTemplate:
+        metadata:
+          annotations:
+            traffic.sidecar.istio.io/excludeOutboundPorts: "9300"
+            traffic.sidecar.istio.io/excludeInboundPorts: "9300"
+            fluentbit.io/exclude-istio-proxy: "true"
+            prometheus.istio.io/merge-metrics: "false"
+        spec:
+          automountServiceAccountToken: true
+#          containers:
+#            - name: elasticsearch
+#              env:
+#                - name: ES_JAVA_OPTS
+#                  value: "-Xms1g -Xmx1g"
+#              resources:
+#                requests:
+#                  memory: 2Gi
+#                  cpu: 0.5
+#                limits:
+#                  memory: 3Gi
+#                  cpu: 2
+      volumeClaimTemplates:
+        - metadata:
+            name: elasticsearch-data
+          spec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 10Gi
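Review bot: The `master` nodeSet has its whole `podTemplate.spec` commented out, so it does not get `automountServiceAccountToken: true`, while the `data` nodeSet does. With `istio-injection: enabled` on the `logging` namespace (namespace.yaml in this diff), the two node sets will presumably behave differently under sidecar injection. If the token is mounted for the sidecar's benefit, add `spec:` with `automountServiceAccountToken: true` under the master `podTemplate` too. Both places deserve a comment saying why it is mounted, since it gives every Elasticsearch pod an API credential for its service account. The commented-out `resources` blocks leave both node sets without requests or limits; restore them or drop the dead block.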
diff --git a/base/logging/efk/kibana.yaml b/base/logging/efk/kibana.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f8cd7c04ca83f100514d5b602543719069fae91a
--- /dev/null
+++ b/base/logging/efk/kibana.yaml
@@ -0,0 +1,19 @@
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+  name: kibana
+spec:
+  version: 7.8.1
+  count: 1
+  elasticsearchRef:
+    name: elasticsearch
+  http:
+    tls:
+      selfSignedCertificate:
+        disabled: true
+  podTemplate:
+    metadata:
+      annotations:
+        sidecar.istio.io/rewriteAppHTTPProbers: "true"
+    spec:
+      automountServiceAccountToken: true
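Review bot: `http.tls.selfSignedCertificate.disabled: true` makes Kibana serve plain HTTP on its own port, so session confidentiality depends entirely on Istio mTLS being enforced for the `logging` namespace, and no PeerAuthentication is visible in this diff. A comment such as `# TLS is left to the Istio sidecar; requires STRICT mTLS in this namespace` would record that dependency. Separately, `version: 7.8.1` does not match the `7.9.2` Elasticsearch it references. Unlike elasticsearch.yaml there is also no `image:` override, so Kibana would presumably be pulled from the operator's `--container-registry` (`docker.elastic.co`) rather than registry1.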
diff --git a/base/logging/efk/kustomization.yaml b/base/logging/efk/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..207920e533adbc4d2ce2aa56ef8efa06f41d3672
--- /dev/null
+++ b/base/logging/efk/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+  - namespace.yaml
+  - elasticsearch.yaml
+  - kibana.yaml
\ No newline at end of file
diff --git a/base/logging/efk/namespace.yaml b/base/logging/efk/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..577de9a400e4c498422f7f7a7a351e3e54db1da4
--- /dev/null
+++ b/base/logging/efk/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: logging
+  labels:
+    istio-injection: enabled
\ No newline at end of file
diff --git a/stack/base/observability/monitoring/kube-prometheus-stack.yaml b/base/monitoring/helmrelease.yaml
similarity index 57%
rename from stack/base/observability/monitoring/kube-prometheus-stack.yaml
rename to base/monitoring/helmrelease.yaml
index f421cd510bd8ed89623d6c554585643d5f2cf3a5..9e192b11f90b738f4a3287e01c1b6c0d13d54bde 100644
--- a/stack/base/observability/monitoring/kube-prometheus-stack.yaml
+++ b/base/monitoring/helmrelease.yaml
@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
   name: monitoring
-  namespace: observability
+  namespace: monitoring
 spec:
   interval: 2m
   chart:
@@ -27,16 +27,26 @@ spec:
   values:
     fullnameOverride: monitoring
 
+    global:
+      imagePullSecrets:
+        - name: private-registry
+
     prometheusOperator:
       enabled: true
       manageCrds: true
       createCustomResource: true
+      image:
+        repository: registry1.dsop.io/ironbank/opensource/coreos/prometheus-operator
+        tag: v0.42.1
+      configmapReloadImage:
+        repository: registry1.dsop.io/ironbank/opensource/jimmidyson/configmap-reload
+        tag: v0.4.0
 
     grafana:
       enabled: true
       image:
-        repository: grafana/grafana
-        tag: 7.2.2
+        repository: registry1.dsop.io/ironbank/opensource/grafana/grafana
+        tag: 7.1.3-1
 
     prometheus:
       enabled: true
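Review bot: `global.imagePullSecrets` names a `private-registry` secret that nothing in the visible diff creates in the `monitoring` namespace. Unless it is provisioned elsewhere, the registry1 images added here and in the alertmanager hunk below will not pull. The new images are referenced by tag only, so what runs can change without a commit; pin them by digest where the chart allows it. The Grafana tag also moves from `7.2.2` back to `7.1.3-1`, which is worth confirming as deliberate.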
@@ -45,4 +55,8 @@ spec:
         portName: http-web
 
     alertmanager:
-      enabled: true
\ No newline at end of file
+      enabled: true
+      alertmanagerSpec:
+        image:
+          repository: registry1.dsop.io/ironbank/opensource/prometheus/alertmanager
+          tag: v0.21.0
\ No newline at end of file
diff --git a/stack/base/cert-manager/kustomization.yaml b/base/monitoring/kustomization.yaml
similarity index 58%
rename from stack/base/cert-manager/kustomization.yaml
rename to base/monitoring/kustomization.yaml
index d0cc5c6bfbca4c66812e9687a02b9a3de67186a1..dfc3bfed1a97d186f9b811de49887c6f1ba95353 100644
--- a/stack/base/cert-manager/kustomization.yaml
+++ b/base/monitoring/kustomization.yaml
@@ -1,3 +1,3 @@
 resources:
   - namespace.yaml
-  - cert-manager.yaml
\ No newline at end of file
+  - helmrelease.yaml
diff --git a/stack/base/observability/namespace.yaml b/base/monitoring/namespace.yaml
similarity index 67%
rename from stack/base/observability/namespace.yaml
rename to base/monitoring/namespace.yaml
index d0e0723edc286bfe4a32f629a462f7029021e6fc..ff7ae1b933828d6ab231cd1bc5576f808c09b5d7 100644
--- a/stack/base/observability/namespace.yaml
+++ b/base/monitoring/namespace.yaml
@@ -2,4 +2,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: observability
+  name: monitoring
diff --git a/bootstrap/gitrepositories/kustomization.yaml b/bootstrap/gitrepositories/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..30ad477d4c91e64511f018f27ec7773b38b6b164
--- /dev/null
+++ b/bootstrap/gitrepositories/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+  - this.yaml
\ No newline at end of file
diff --git a/bootstrap/gitrepositories/this.yaml b/bootstrap/gitrepositories/this.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e92940c221138da5dc6c70a37aad29763e2359d4
--- /dev/null
+++ b/bootstrap/gitrepositories/this.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: this
+  namespace: flux-system
+spec:
+  interval: 1m
+  ref:
+    branch: $branch
+  url: $repo
+  ignore: |
+    # exclude all
+    /*
+    # include deploy dirs
+    !/base/
+    !/instance/
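Review bot: `url: $repo` and `branch: $branch` are filled in by `envsubst` as bare scalars, so an unset variable renders as an empty value (YAML null) and a value containing YAML-significant characters changes the document. Quoting them, `url: "$repo"` and `branch: "$branch"`, keeps the substitution a string. Every Kustomization in this change reconciles from this source with `prune: true`, so the cluster applies whatever lands on the branch. Consider adding `spec.verify` for commit signature verification, and a `secretRef` if the repository is private.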
diff --git a/stack/bootstrap/init.sh b/bootstrap/init.sh
similarity index 75%
rename from stack/bootstrap/init.sh
rename to bootstrap/init.sh
index 03d985c7620ec3dfa77288bea80470da98ebfd91..0acbdade0338b60e9d1f69a743a5f6261d5c7173 100755
--- a/stack/bootstrap/init.sh
+++ b/bootstrap/init.sh
@@ -25,14 +25,10 @@ need() {
 deploy_flux() {
   info "Installing flux components"
   # Apply flux components
-  kustomize build stack/base/flux-system/toolkit | kubectl apply -f -
+  kustomize build base/flux/toolkit | kubectl apply -f -
 
   info "Waiting for flux components to initialize"
   kubectl wait --for=condition=available --timeout=60s --all deployments -n flux-system
-
-  info "Registering required HelmRepositories"
-  # apply helmrepositories
-  kustomize build stack/base/flux-system/chart-repositories | kubectl apply -f -
 }
 
 deploy_umbrella() {
@@ -43,10 +39,16 @@ deploy_umbrella() {
   export repo=$(git config --get remote.origin.url)
   export env="dev"
 
-  envsubst < stack/bootstrap/bootstrap.yaml | kubectl apply -f -
+  kustomize build bootstrap/gitrepositories | envsubst | kubectl apply -f -
+  kustomize build instance/flux-system | kubectl apply -f -
 }
 
 {
+  need "kustomize"
+  need "kubectl"
+  need "envsubst"
+  need "git"
+
   deploy_flux
   deploy_umbrella
 }
\ No newline at end of file
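Review bot: `kustomize build bootstrap/gitrepositories | envsubst | kubectl apply -f -` runs `envsubst` with no variable list, so every `$NAME` in the rendered manifests is substituted from the caller's environment, not just the two the template uses. `envsubst '$repo $branch'` limits it. `repo` comes straight from `git config --get remote.origin.url`, so a remote URL that embeds credentials would be written into the GitRepository object in the cluster; strip the userinfo part or fail when it is present. Whether a failed `kustomize build` aborts the pipeline depends on `set -o pipefail`, which would be set outside this hunk; `deploy_umbrella` also starts above it.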
diff --git a/instance/cert-manager/helmrelease.yaml b/instance/cert-manager/helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cab8c6ed13cb9fb4af54b0b49a8fa0436a547945
--- /dev/null
+++ b/instance/cert-manager/helmrelease.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
diff --git a/instance/cert-manager/kustomization.yaml b/instance/cert-manager/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e2c98d20f5fa36255b2ce2dbce01c53989a8d808
--- /dev/null
+++ b/instance/cert-manager/kustomization.yaml
@@ -0,0 +1,7 @@
+namespace: cert-manager
+
+resources:
+  - ../../base/cert-manager
+
+patchesStrategicMerge:
+  - helmrelease.yaml
\ No newline at end of file
diff --git a/instance/elastic-system/kustomization.yaml b/instance/elastic-system/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e4f861da140570574d116581a8e8c823c8b2cbf7
--- /dev/null
+++ b/instance/elastic-system/kustomization.yaml
@@ -0,0 +1,4 @@
+namespace: elastic-system
+
+resources:
+- ../../base/logging/eck-operator
diff --git a/instance/flux-system/kustomization.yaml b/instance/flux-system/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..868402cf2f012702e5f7e502732a73ce07d37f86
--- /dev/null
+++ b/instance/flux-system/kustomization.yaml
@@ -0,0 +1,7 @@
+namespace: flux-system
+
+resources:
+  - ../../base/flux
+
+  # Bootstrapping components
+  - kustomizations
\ No newline at end of file
diff --git a/instance/flux-system/kustomizations/cert-manager.yaml b/instance/flux-system/kustomizations/cert-manager.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..91b32bf307e160d32c56bf6ffb047a5ef9e19886
--- /dev/null
+++ b/instance/flux-system/kustomizations/cert-manager.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: bigbang-cert-manager
+spec:
+  path: './instance/cert-manager'
+  healthChecks:
+    - kind: HelmRelease
+      apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      name: cert-manager
+      namespace: cert-manager
\ No newline at end of file
diff --git a/instance/flux-system/kustomizations/flux.yaml b/instance/flux-system/kustomizations/flux.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ca7a2c560a88389a2ec90e0fbd838ed283d0f27d
--- /dev/null
+++ b/instance/flux-system/kustomizations/flux.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: bigbang-flux
+spec:
+  path: './instance/flux-system'
\ No newline at end of file
diff --git a/instance/flux-system/kustomizations/gatekeeper.yaml b/instance/flux-system/kustomizations/gatekeeper.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..302bbac6d2f75923830a4b89ba33fc2912137c99
--- /dev/null
+++ b/instance/flux-system/kustomizations/gatekeeper.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: bigbang-gatekeeper
+spec:
+  path: './instance/gatekeeper-system'
diff --git a/instance/flux-system/kustomizations/istio.yaml b/instance/flux-system/kustomizations/istio.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d1a5ae8030fc1ec4ca97f9fab80c43ffcaeb0d29
--- /dev/null
+++ b/instance/flux-system/kustomizations/istio.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: bigbang-istio-operator
+spec:
+  path: './instance/istio-operator'
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: bigbang-istio-system
+spec:
+  path: './instance/istio-system'
+  dependsOn:
+    - name: bigbang-istio-operator
+      namespace: flux-system
+  healthChecks:
+    - kind: Deployment
+      apiVersion: apps/v1
+      name: istiod
+      namespace: istio-system
diff --git a/instance/flux-system/kustomizations/kustomization.yaml b/instance/flux-system/kustomizations/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..af6d4d2ad19a46778e5b1eef85dd75834c364726
--- /dev/null
+++ b/instance/flux-system/kustomizations/kustomization.yaml
@@ -0,0 +1,26 @@
+namespace: flux-system
+
+resources:
+  - istio.yaml
+  - flux.yaml
+  - cert-manager.yaml
+  - logging.yaml
+  - monitoring.yaml
+  - gatekeeper.yaml
+
+patches:
+  - target:
+      kind: Kustomization
+      group: kustomize.toolkit.fluxcd.io
+    patch: |
+      apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+      kind: Kustomization
+      metadata:
+        name: bigbang-apps
+      spec:
+        interval: 2m
+        sourceRef:
+          kind: GitRepository
+          name: this
+        prune: true
+        timeout: 2m
\ No newline at end of file
diff --git a/instance/flux-system/kustomizations/logging.yaml b/instance/flux-system/kustomizations/logging.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7f1f5aceac67872830204afbe9f0b78cd4fe8e2a
--- /dev/null
+++ b/instance/flux-system/kustomizations/logging.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: bigbang-eck-operator
+spec:
+  path: './instance/elastic-system'
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: bigbang-logging
+spec:
+  path: './instance/logging'
+  dependsOn:
+    - name: bigbang-istio-system
+      namespace: flux-system
\ No newline at end of file
diff --git a/instance/flux-system/kustomizations/monitoring.yaml b/instance/flux-system/kustomizations/monitoring.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5c5b8a29e9d5e5561c4ad79d3e34b96a0ef453b9
--- /dev/null
+++ b/instance/flux-system/kustomizations/monitoring.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: bigbang-monitoring
+spec:
+  path: './instance/monitoring'
+  healthChecks:
+    - kind: HelmRelease
+      apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      name: monitoring
+      namespace: monitoring
\ No newline at end of file
diff --git a/instance/gatekeeper-system/kustomization.yaml b/instance/gatekeeper-system/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..2ae266cb3aea47983d249e2e3b605f485938765f
--- /dev/null
+++ b/instance/gatekeeper-system/kustomization.yaml
@@ -0,0 +1,4 @@
+namespace: gatekeeper-system
+
+resources:
+  - ../../base/gatekeeper
\ No newline at end of file
diff --git a/instance/istio-operator/kustomization.yaml b/instance/istio-operator/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8e6cc7b5edb3723afd8c7ce08a7eec195928184e
--- /dev/null
+++ b/instance/istio-operator/kustomization.yaml
@@ -0,0 +1,4 @@
+namespace: istio-operator
+
+resources:
+- ../../base/istio/istio-operator
diff --git a/instance/istio-system/Kptfile b/instance/istio-system/Kptfile
new file mode 100644
index 0000000000000000000000000000000000000000..923817bd5c5351d57d42b0d029d9a00ee5f914d2
--- /dev/null
+++ b/instance/istio-system/Kptfile
@@ -0,0 +1,27 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+metadata:
+  name: istio
+packageMetadata:
+  shortDescription: sample description
+openAPI:
+  definitions:
+    io.k8s.cli.setters.hostname:
+      x-k8s-cli:
+        setter:
+          name: hostname
+          value: hostname
+          required: true
+    io.k8s.cli.substitutions.gateway-hostname:
+      x-k8s-cli:
+        substitution:
+          name: gateway-hostname
+          pattern: '*.${hostname}'
+          values:
+          - marker: ${hostname}
+            ref: '#/definitions/io.k8s.cli.setters.hostname'
+    io.k8s.cli.setters.gateway-tls-secret:
+      x-k8s-cli:
+        setter:
+          name: gateway-tls-secret
+          value: wildcard-cert
diff --git a/instance/istio-system/gateway.yaml b/instance/istio-system/gateway.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c9d6b2a505401fc42d360b5a86ec6cdfb0f4e501
--- /dev/null
+++ b/instance/istio-system/gateway.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: main
+  namespace: istio-system
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - '*'
+    # tls:
+    #   httpsRedirect: true
+  - port:
+      number: 443
+      name: https
+      protocol: HTTPS
+    hosts:
+    - '*.hostname' # {"$kpt-set":"gateway-hostname"}
+    tls:
+      mode: SIMPLE
+      credentialName: wildcard-cert # {"$kpt-set":"gateway-tls-secret"}
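Review bot: The port 80 server accepts `hosts: '*'` with `httpsRedirect` commented out, so every VirtualService bound to `main` (kibana, alertmanager and grafana in this diff) is also reachable over cleartext HTTP, logins included. Uncomment `tls:` and `httpsRedirect: true` on that server, or restrict its hosts to the ones that really need plain HTTP. On the 443 server, `mode: SIMPLE` is set without a `minProtocolVersion`; set it explicitly if the mesh default is not what you want.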
diff --git a/instance/istio-system/kustomization.yaml b/instance/istio-system/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..852ede0f98448d1f38d3719fa73b05f8debbc80d
--- /dev/null
+++ b/instance/istio-system/kustomization.yaml
@@ -0,0 +1,6 @@
+namespace: istio-system
+
+resources:
+- ../../base/istio/istio-system
+
+- gateway.yaml
diff --git a/instance/logging/Kptfile b/instance/logging/Kptfile
new file mode 100644
index 0000000000000000000000000000000000000000..1b02ae7e47b99ab947b3445cf2bb4a7d13e19f0c
--- /dev/null
+++ b/instance/logging/Kptfile
@@ -0,0 +1,21 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+metadata:
+  name: logging
+packageMetadata:
+  shortDescription: sample description
+openAPI:
+  definitions:
+    io.k8s.cli.setters.hostname:
+      x-k8s-cli:
+        setter:
+          name: hostname
+          value: kibana.hostname
+    io.k8s.cli.substitutions.kibana-hostname:
+      x-k8s-cli:
+        substitution:
+          name: kibana-hostname
+          pattern: kibana.${hostname}
+          values:
+          - marker: ${hostname}
+            ref: '#/definitions/io.k8s.cli.setters.hostname'
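Review bot: The `hostname` setter defaults to `value: kibana.hostname`, while the `kibana-hostname` substitution already prefixes it with the pattern `kibana.${hostname}`, so the computed default would be `kibana.kibana.hostname`. That disagrees with the `"kibana.hostname"` literal in ingress/kibana-vs.yaml. The istio-system and monitoring Kptfiles use `value: hostname` for the same setter; using `value: hostname` here keeps the three packages consistent. It may also be worth marking it `required: true` as the istio-system Kptfile does, so the placeholder is not deployed unchanged.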
diff --git a/instance/logging/README.md b/instance/logging/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..5322de510da864fe46db5dd8844aad606cec2b09
--- /dev/null
+++ b/instance/logging/README.md
@@ -0,0 +1,29 @@
+# logging
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] logging`
+Details: https://googlecontainertools.github.io/kpt/reference/pkg/get/
+
+### View package content
+`kpt cfg tree logging`
+Details: https://googlecontainertools.github.io/kpt/reference/cfg/tree/
+
+### List setters
+`kpt cfg list-setters logging`
+Details: https://googlecontainertools.github.io/kpt/reference/cfg/list-setters/
+
+### Set a value
+`kpt cfg set logging NAME VALUE`
+Details: https://googlecontainertools.github.io/kpt/reference/cfg/set/
+
+### Apply the package
+```
+kpt live init logging
+kpt live apply logging --reconcile-timeout=2m --output=table
+```
+Details: https://googlecontainertools.github.io/kpt/reference/live/
diff --git a/instance/logging/ingress/kibana-vs.yaml b/instance/logging/ingress/kibana-vs.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..08e7e0def04b108bd8e0c28f35bf809595e18e90
--- /dev/null
+++ b/instance/logging/ingress/kibana-vs.yaml
@@ -0,0 +1,15 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: kibana
+spec:
+  hosts:
+  - "kibana.hostname" # {"$kpt-set":"kibana-hostname"}
+  gateways:
+  - main.istio-system.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        port:
+          number: 5601
+        host: kibana-kb-http
diff --git a/instance/logging/ingress/kustomization.yaml b/instance/logging/ingress/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..91a14c276656a1c8e18011606d80949bcfdc70e3
--- /dev/null
+++ b/instance/logging/ingress/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- kibana-vs.yaml
diff --git a/instance/logging/kustomization.yaml b/instance/logging/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..73fdf28edd5beef7b93e9c4906fcf3109f4f18fb
--- /dev/null
+++ b/instance/logging/kustomization.yaml
@@ -0,0 +1,6 @@
+namespace: logging
+
+resources:
+- ../../base/logging/efk
+
+- ingress
diff --git a/instance/monitoring/Kptfile b/instance/monitoring/Kptfile
new file mode 100644
index 0000000000000000000000000000000000000000..33ee594cf77ce013a1dac38ee8590f52a88c624a
--- /dev/null
+++ b/instance/monitoring/Kptfile
@@ -0,0 +1,37 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+metadata:
+  name: monitoring
+packageMetadata:
+  shortDescription: sample description
+openAPI:
+  definitions:
+    io.k8s.cli.setters.hostname:
+      x-k8s-cli:
+        setter:
+          name: hostname
+          value: hostname
+    io.k8s.cli.substitutions.alertmanager-hostname:
+      x-k8s-cli:
+        substitution:
+          name: alertmanager-hostname
+          pattern: alerts.${hostname}
+          values:
+          - marker: ${hostname}
+            ref: '#/definitions/io.k8s.cli.setters.hostname'
+    io.k8s.cli.substitutions.prometheus-hostname:
+      x-k8s-cli:
+        substitution:
+          name: prometheus-hostname
+          pattern: prometheus.${hostname}
+          values:
+          - marker: ${hostname}
+            ref: '#/definitions/io.k8s.cli.setters.hostname'
+    io.k8s.cli.substitutions.grafana-hostname:
+      x-k8s-cli:
+        substitution:
+          name: grafana-hostname
+          pattern: grafana.${hostname}
+          values:
+          - marker: ${hostname}
+            ref: '#/definitions/io.k8s.cli.setters.hostname'
diff --git a/instance/monitoring/helmrelease.yaml b/instance/monitoring/helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d58d4f4da8be8cb296059aee950a900e01de8efe
--- /dev/null
+++ b/instance/monitoring/helmrelease.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: monitoring
+  namespace: monitoring
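Review bot: The patch carries only `metadata` and no `spec`, so as a strategic-merge patch it changes nothing in the base HelmRelease. A header comment should say that it is an intentional placeholder, e.g. `# instance-specific overrides for the monitoring HelmRelease; add spec.values here`. The `name`/`namespace` pair has to match the base release for the patch to apply. The base file is outside this hunk, so that is worth confirming.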
diff --git a/instance/monitoring/ingress/alertmanager-vs.yaml b/instance/monitoring/ingress/alertmanager-vs.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..15578a434ffa3526a98b86faf847a3e510a15355
--- /dev/null
+++ b/instance/monitoring/ingress/alertmanager-vs.yaml
@@ -0,0 +1,15 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: alert-manager
+spec:
+  hosts:
+  - "alerts.hostname" # {"$kpt-set":"alertmanager-hostname"}
+  gateways:
+  - main.istio-system.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        port:
+          number: 9093
+        host: monitoring-alertmanager
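Review bot: Alertmanager (port 9093) here, and Prometheus (port 9090) in `instance/monitoring/ingress/prometheus-vs.yaml`, are routed through the shared `main` gateway with no access control visible in this change, and neither component authenticates requests by default. Anyone who can reach the gateway for these hostnames could read metrics and alert data or change silences. If no Istio `RequestAuthentication`/`AuthorizationPolicy` or authenticating proxy covers the `monitoring` namespace elsewhere in the repository, one should be added before these routes go live. At minimum, a comment such as `# exposed via main gateway; access control enforced by <policy name>` should record where the control lives.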
diff --git a/instance/monitoring/ingress/grafana-vs.yaml b/instance/monitoring/ingress/grafana-vs.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..89fb4b83965771574fc34289dab59ae2e7bfbafb
--- /dev/null
+++ b/instance/monitoring/ingress/grafana-vs.yaml
@@ -0,0 +1,15 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: grafana
+spec:
+  hosts:
+  - "grafana.hostname" # {"$kpt-set":"grafana-hostname"}
+  gateways:
+  - main.istio-system.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        port:
+          number: 80
+        host: monitoring-grafana
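Review bot: The destination `host: monitoring-grafana` is a short name, where the removed `stack/base/observability/monitoring/grafana-vs.yaml` used a fully qualified one. Istio resolves short names against the VirtualService's own namespace, so the route only works while the `namespace: monitoring` transformer in the ingress kustomization stays in step with the namespace the Helm release installs into. The same applies to `alertmanager-vs.yaml` and `prometheus-vs.yaml`. Prefer the explicit form, `host: monitoring-grafana.monitoring.svc.cluster.local`.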
diff --git a/instance/monitoring/ingress/kustomization.yaml b/instance/monitoring/ingress/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b48335caebeb16947509c55869248e273f0089b5
--- /dev/null
+++ b/instance/monitoring/ingress/kustomization.yaml
@@ -0,0 +1,6 @@
+namespace: monitoring
+
+resources:
+- alertmanager-vs.yaml
+- grafana-vs.yaml
+- prometheus-vs.yaml
diff --git a/instance/monitoring/ingress/prometheus-vs.yaml b/instance/monitoring/ingress/prometheus-vs.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..eb14e8b72f64f862a173ff6bc1e7548b9dd5bb67
--- /dev/null
+++ b/instance/monitoring/ingress/prometheus-vs.yaml
@@ -0,0 +1,15 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: prometheus
+spec:
+  hosts:
+  - "prometheus.hostname" # {"$kpt-set":"prometheus-hostname"}
+  gateways:
+  - main.istio-system.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        port:
+          number: 9090
+        host: monitoring-prometheus
diff --git a/instance/monitoring/kustomization.yaml b/instance/monitoring/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a292718b71c60e620e4fc262baaec5b10287e3fa
--- /dev/null
+++ b/instance/monitoring/kustomization.yaml
@@ -0,0 +1,10 @@
+namespace: monitoring
+
+resources:
+- ../../base/monitoring
+
+# Environment specific values
+- ingress
+
+patchesStrategicMerge:
+  - helmrelease.yaml
\ No newline at end of file
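Review bot: Sequence indentation is mixed within this file: `resources:` uses flush items (`- ../../base/monitoring`) while `patchesStrategicMerge:` indents them (`  - helmrelease.yaml`). Use the flush form here as well, `- helmrelease.yaml`, to match the other kustomizations added in this commit. The file also ends without a trailing newline, which some linters and concatenating tools reject.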
diff --git a/stack/base/config.yaml b/stack/base/config.yaml
deleted file mode 100644
index 42474d6df7961db0837a68110ee18f511fcfbaac..0000000000000000000000000000000000000000
--- a/stack/base/config.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-varReference:
-  - kind: HelmRelease
-    path: spec/values/hostname
-  - kind: VirtualService
-    path: spec/hosts
-  - kind: Gateway
-    path: spec/servers/hosts
-  - kind: Certificate
-    path: spec/dnsNames
\ No newline at end of file
diff --git a/stack/base/flux-system/toolkit/kustomization.yaml b/stack/base/flux-system/toolkit/kustomization.yaml
deleted file mode 100644
index 0ff1acf3687c98e28622386ed74a76cc89b21726..0000000000000000000000000000000000000000
--- a/stack/base/flux-system/toolkit/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-commonLabels:
-  owner: p1
-
-resources:
-  - all.yaml
diff --git a/stack/base/istio/istio-operator/kustomization.yaml b/stack/base/istio/istio-operator/kustomization.yaml
deleted file mode 100644
index adc1d18d87029f75c77036c9edd9ab6c53ab49ad..0000000000000000000000000000000000000000
--- a/stack/base/istio/istio-operator/kustomization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resources:
-  - operator.yaml
\ No newline at end of file
diff --git a/stack/base/istio/istio-system/gateway.yaml b/stack/base/istio/istio-system/gateway.yaml
deleted file mode 100644
index 4b5cbe5d7c7277fd66a7e45fb675b747fa7a4b93..0000000000000000000000000000000000000000
--- a/stack/base/istio/istio-system/gateway.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
-  name: main
-  namespace: istio-system
-spec:
-  selector:
-    istio: ingressgateway
-  servers:
-    - port:
-        number: 80
-        name: http
-        protocol: HTTP
-      hosts:
-        - '*'
-      # tls:
-      #   httpsRedirect: true
-    - port:
-        number: 443
-        name: https
-        protocol: HTTPS
-      hosts:
-        - '*.$(hostname)'
-      tls:
-        mode: SIMPLE
-        credentialName: wildcard-cert
diff --git a/stack/base/istio/istio-system/kustomization.yaml b/stack/base/istio/istio-system/kustomization.yaml
deleted file mode 100644
index 98a3d80a276f81cc4c1bfa9fd5f2cdfc3f78be7c..0000000000000000000000000000000000000000
--- a/stack/base/istio/istio-system/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-resources:
-  - namespace.yaml
-  - istio.yaml
-  - gateway.yaml
\ No newline at end of file
diff --git a/stack/base/istio/kustomization.yaml b/stack/base/istio/kustomization.yaml
deleted file mode 100644
index d9dacd06c9b53f73d0ce798e9956ee46f4177bab..0000000000000000000000000000000000000000
--- a/stack/base/istio/kustomization.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-resources:
-  - istio-operator/
-  - istio-system/
\ No newline at end of file
diff --git a/stack/base/kustomization.yaml b/stack/base/kustomization.yaml
deleted file mode 100644
index a1361229f8484bce829b524b2efeebe446b81e32..0000000000000000000000000000000000000000
--- a/stack/base/kustomization.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-resources:
-  - flux-system
-  - istio
-  - observability
-  - cert-manager
-  - gatekeeper
-
-patches:
-    # Add common parameters to all HelmReleases
-  - target:
-      kind: HelmRelease
-      group: helm.toolkit.fluxcd.io
-    patch: |
-      apiVersion: helm.toolkit.fluxcd.io/v2beta1
-      kind: HelmRelease
-      metadata:
-        name: common
-      spec:
-        test:
-          enable: false
-        install:
-          remediation:
-            retries: 5
-        upgrade:
-          remediation:
-            retries: 3
-            remediateLastFailure: true
-          cleanupOnFail: true
-        rollback:
-          timeout: 1m
-          cleanupOnFail: true
-
-configMapGenerator:
-  - name: globals
-    namespace: flux-system
-
-vars:
-  - name: hostname
-    objref: { kind: ConfigMap, name: globals, apiVersion: v1 }
-    fieldref:
-      fieldpath: data.hostname
-
-configurations:
-  - config.yaml
\ No newline at end of file
diff --git a/stack/base/observability/monitoring/alertmanager-vs.yaml b/stack/base/observability/monitoring/alertmanager-vs.yaml
deleted file mode 100644
index 7963c9de8fb623cfb3f27c8050892160399cf154..0000000000000000000000000000000000000000
--- a/stack/base/observability/monitoring/alertmanager-vs.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: alert-manager
-  namespace: observability
-spec:
-  hosts:
-    - "alerts.$(hostname)"
-  gateways:
-    - main.istio-system.svc.cluster.local
-  http:
-    - route:
-        - destination:
-            port:
-              number: 9093
-            host: monitoring-alertmanager.observability.svc.cluster.local
diff --git a/stack/base/observability/monitoring/grafana-vs.yaml b/stack/base/observability/monitoring/grafana-vs.yaml
deleted file mode 100644
index 81deb3796e34548413a3a3c5d5c79d15640d4fe9..0000000000000000000000000000000000000000
--- a/stack/base/observability/monitoring/grafana-vs.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: grafana
-  namespace: observability
-spec:
-  hosts:
-    - "grafana.$(hostname)"
-  gateways:
-    - main.istio-system.svc.cluster.local
-  http:
-    - route:
-        - destination:
-            port:
-              number: 80
-            host: monitoring-grafana.observability.svc.cluster.local
diff --git a/stack/base/observability/monitoring/kustomization.yaml b/stack/base/observability/monitoring/kustomization.yaml
deleted file mode 100644
index dd6f2ef7ff7d6b41de767538ed020ec833a73cfa..0000000000000000000000000000000000000000
--- a/stack/base/observability/monitoring/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-resources:
-  - kube-prometheus-stack.yaml
-
-  # Virtual Services
-  - alertmanager-vs.yaml
-  - grafana-vs.yaml
-  - prometheus-vs.yaml
diff --git a/stack/base/observability/monitoring/prometheus-vs.yaml b/stack/base/observability/monitoring/prometheus-vs.yaml
deleted file mode 100644
index 0eb1ae850edf89f25846fa6ab1fdfe4eb1d4c7e8..0000000000000000000000000000000000000000
--- a/stack/base/observability/monitoring/prometheus-vs.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: prometheus
-  namespace: observability
-spec:
-  hosts:
-    - "prometheus.$(hostname)"
-  gateways:
-    - main.istio-system.svc.cluster.local
-  http:
-    - route:
-        - destination:
-            port:
-              number: 9090
-            host: monitoring-prometheus.observability.svc.cluster.local
diff --git a/stack/bootstrap/bootstrap.yaml b/stack/bootstrap/bootstrap.yaml
deleted file mode 100644
index 5b37cdcb100064897c3a9861beb5758b96755fa3..0000000000000000000000000000000000000000
--- a/stack/bootstrap/bootstrap.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: GitRepository
-metadata:
-  name: this
-  namespace: flux-system
-spec:
-  interval: 1m
-  ref:
-    branch: $branch
-  url: $repo
-  ignore: |
-    # exclude all
-    /*
-    # include deploy dirs
-    !/stack/
-
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
-kind: Kustomization
-metadata:
-  name: bigbang-umbrella
-  namespace: flux-system
-spec:
-  interval: 1m
-  path: './stack/env/$env'
-  sourceRef:
-    kind: GitRepository
-    name: this
-  prune: true
\ No newline at end of file
diff --git a/stack/env/dev/globals.env b/stack/env/dev/globals.env
deleted file mode 100644
index baed74fd12ef64d4fe105e81c21e90efdda5d4fa..0000000000000000000000000000000000000000
--- a/stack/env/dev/globals.env
+++ /dev/null
@@ -1 +0,0 @@
-hostname=bigbang.dev
\ No newline at end of file
diff --git a/stack/env/dev/kustomization.yaml b/stack/env/dev/kustomization.yaml
deleted file mode 100644
index 4b00b766c08c6550f8eb8fe07264da97e59edfdf..0000000000000000000000000000000000000000
--- a/stack/env/dev/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - ../../base
-
-configMapGenerator:
-  - name: globals
-    namespace: flux-system
-    behavior: merge
-    envs:
-      - globals.env
\ No newline at end of file