diff --git a/charts/stable/datapower-operator/Chart.yaml b/charts/stable/datapower-operator/Chart.yaml index 6a01f68..d328894 100644 --- a/charts/stable/datapower-operator/Chart.yaml +++ b/charts/stable/datapower-operator/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: datapower-operator description: A chart to deploy the DataPowerService Operator type: application -version: 1.1.1 -appVersion: 1.1.1 -kubeVersion: '>=1.16.0' +version: 1.2.0 +appVersion: 1.2.0 +kubeVersion: '>=1.17.0' keywords: - amd64 - Security diff --git a/charts/stable/datapower-operator/crds/datapower.ibm.com_datapowermonitors_crd.yaml b/charts/stable/datapower-operator/crds/datapower.ibm.com_datapowermonitors_crd.yaml index 148406f..6ba6886 100644 --- a/charts/stable/datapower-operator/crds/datapower.ibm.com_datapowermonitors_crd.yaml +++ b/charts/stable/datapower-operator/crds/datapower.ibm.com_datapowermonitors_crd.yaml @@ -1,157 +1,133 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - creationTimestamp: "2020-09-28T19:00:12Z" + creationTimestamp: "2020-11-19T23:49:06Z" labels: app.kubernetes.io/instance: datapower-operator app.kubernetes.io/managed-by: datapower-operator app.kubernetes.io/name: datapowermonitors.datapower.ibm.com name: datapowermonitors.datapower.ibm.com spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: DataPowerMonitor phase - name: Phase - type: string - - JSONPath: .status.lastEvent - description: Last Pod event - name: Last Event - type: string - - JSONPath: .status.workPending - description: Work is pending - name: Work Pending - type: boolean - - JSONPath: .status.workInProgress - description: Work is in-progress - name: Work In-Progress - type: boolean - - JSONPath: .metadata.creationTimestamp - name: Age - type: date group: datapower.ibm.com names: categories: - - all - - apic - - integration - - cp4i + - all + - apic + - integration + - cp4i kind: DataPowerMonitor listKind: DataPowerMonitorList plural: datapowermonitors shortNames: - - dpm + - dpm singular: datapowermonitor - preserveUnknownFields: false scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: 'DataPowerMonitor provides an API for monitoring the DataPower - StatefulSet. API version: v1beta2' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + versions: + - additionalPrinterColumns: + - description: DataPowerMonitor phase + jsonPath: .status.phase + name: Phase type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + - description: Last Pod event + jsonPath: .status.lastEvent + name: Last Event type: string - metadata: - type: object - spec: - description: DataPowerMonitorSpec defines the desired state of DataPowerMonitor + - description: Work is pending + jsonPath: .status.workPending + name: Work Pending + type: boolean + - description: Work is in-progress + jsonPath: .status.workInProgress + name: Work In-Progress + type: boolean + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: 'DataPowerMonitor provides an API for monitoring the DataPower StatefulSet. API version: v1beta2 Documentation: https://ibm.biz/BdqUZr License: https://ibm.biz/Bdq5dy' properties: - lifecycleDebounceMs: - description: Set the lifecycle debounce in milliseconds - format: int32 - minimum: 1000 - type: integer - monitorGatewayPeering: - description: Enables the peering status monitoring functionality in - the DataPowerMonitor - type: boolean - peeringRecoveryCheckIntervalMs: - description: Set the peering recovery interval in milliseconds - format: int32 - minimum: 1000 - type: integer - type: object - status: - description: DataPowerMonitorStatus defines the observed state of DataPowerMonitor - properties: - conditions: - description: Conditions represent the latest available observations - of the DataPowerMonitor's state - items: - description: "Condition represents an observation of an object's state. - Conditions are an extension mechanism intended to be used when the - details of an observation are not a priori known or would not apply - to all instances of a given Kind. \n Conditions should be added - to explicitly convey properties that users and components care about - rather than requiring those properties to be inferred from other - observations. Once defined, the meaning of a Condition can not be - changed arbitrarily - it becomes part of the API, and has the same - backwards- and forwards-compatibility concerns of any other part - of the API." - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is intended to be a one-word, CamelCase - representation of the category of cause of the current status. - It is intended to be used in concise output, such as one-line - kubectl get output, and in summarizing occurrences of causes. - type: string - status: - type: string - type: - description: "ConditionType is the type of the condition and is - typically a CamelCased word or short phrase. \n Condition types - should indicate state in the \"abnormal-true\" polarity. For - example, if the condition indicates when a policy is invalid, - the \"is valid\" case is probably the norm, so the condition - should be called \"Invalid\"." - type: string - required: - - status - - type - type: object - type: array - lastEvent: - description: Timestamp of last Pod event in RFC 3339 format + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string - phase: - description: Phase of the DataPowerMonitor instance - enum: - - Pending - - Running - - Failed + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - workInProgress: - description: Boolean to signal that work is in-progress on this instance - type: boolean - workPending: - description: Boolean to signal that work is pending on this instance - type: boolean - required: - - conditions - - lastEvent - - phase - - workInProgress - - workPending + metadata: + type: object + spec: + description: DataPowerMonitorSpec defines the desired state of DataPowerMonitor + properties: + lifecycleDebounceMs: + description: Set the lifecycle debounce in milliseconds + format: int32 + minimum: 1000 + type: integer + monitorGatewayPeering: + description: Enables the peering status monitoring functionality in the DataPowerMonitor + type: boolean + peeringRecoveryCheckIntervalMs: + description: Set the peering recovery interval in milliseconds + format: int32 + minimum: 1000 + type: integer + type: object + status: + description: DataPowerMonitorStatus defines the observed state of DataPowerMonitor + properties: + conditions: + description: Conditions represent the latest available observations of the DataPowerMonitor's state + items: + description: "Condition represents an observation of an object's state. Conditions are an extension mechanism intended to be used when the details of an observation are not a priori known or would not apply to all instances of a given Kind. \n Conditions should be added to explicitly convey properties that users and components care about rather than requiring those properties to be inferred from other observations. Once defined, the meaning of a Condition can not be changed arbitrarily - it becomes part of the API, and has the same backwards- and forwards-compatibility concerns of any other part of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase representation of the category of cause of the current status. It is intended to be used in concise output, such as one-line kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and is typically a CamelCased word or short phrase. \n Condition types should indicate state in the \"abnormal-true\" polarity. For example, if the condition indicates when a policy is invalid, the \"is valid\" case is probably the norm, so the condition should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + lastEvent: + description: Timestamp of last Pod event in RFC 3339 format + type: string + phase: + description: Phase of the DataPowerMonitor instance + enum: + - Pending + - Running + - Failed + type: string + workInProgress: + description: Boolean to signal that work is in-progress on this instance + type: boolean + workPending: + description: Boolean to signal that work is pending on this instance + type: boolean + required: + - conditions + - lastEvent + - phase + - workInProgress + - workPending + type: object type: object - type: object - versions: - - name: v1beta2 - served: true - storage: true + served: true + storage: true + subresources: + status: {} + preserveUnknownFields: false status: acceptedNames: kind: "" diff --git a/charts/stable/datapower-operator/crds/datapower.ibm.com_datapowerservices_crd.yaml b/charts/stable/datapower-operator/crds/datapower.ibm.com_datapowerservices_crd.yaml index 793bc4c..b451023 100644 --- a/charts/stable/datapower-operator/crds/datapower.ibm.com_datapowerservices_crd.yaml +++ b/charts/stable/datapower-operator/crds/datapower.ibm.com_datapowerservices_crd.yaml @@ -1,7 +1,7 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - creationTimestamp: "2020-09-28T19:00:14Z" + creationTimestamp: "2020-11-19T23:49:08Z" labels: app.kubernetes.io/instance: datapower-operator app.kubernetes.io/managed-by: datapower-operator @@ -10,3207 +10,2378 @@ metadata: spec: conversion: strategy: Webhook - webhookClientConfig: - service: - name: changeme - namespace: default + webhook: + clientConfig: + service: + name: changeme + namespace: default + conversionReviewVersions: + - v1 + - v1beta1 group: datapower.ibm.com names: categories: - - all - - apic - - integration - - cp4i + - all + - apic + - integration + - cp4i kind: DataPowerService listKind: DataPowerServiceList plural: datapowerservices shortNames: - - dp + - dp singular: datapowerservice - preserveUnknownFields: false scope: Namespaced - subresources: - status: {} versions: - - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=="Ready")].status - description: DataPowerService readiness status - name: Ready - type: string - - JSONPath: .status.conditions[?(@.type=="Ready")].message - description: DataPowerService readiness summary - name: Summary - type: string - - JSONPath: .status.versions.reconciled - description: DataPowerService reconciled version - name: Version - type: string - - JSONPath: .status.conditions[?(@.type=="ReconcileError")].message - description: DataPowerService reconcile error - name: Error - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: 'DataPowerService is the primary API for managing a DataPower - StatefulSet. API version: v1beta1' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DataPowerServiceSpec defines the desired state of DataPowerService - properties: - affinity: - description: Affinity section to allow users to override the default - affinity settings - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: + - additionalPrinterColumns: + - description: DataPowerService readiness status + jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - description: DataPowerService readiness summary + jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Summary + type: string + - description: DataPowerService reconciled version + jsonPath: .status.versions.reconciled + name: Version + type: string + - description: DataPowerService reconcile error + jsonPath: .status.conditions[?(@.type=="ReconcileError")].message + name: Error + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: 'DataPowerService is the primary API for managing a DataPower StatefulSet. API version: v1beta1 Documentation: https://ibm.biz/BdqUZX License: https://ibm.biz/Bdq5dy' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DataPowerServiceSpec defines the desired state of DataPowerService + properties: + affinity: + description: Affinity section to allow users to override the default affinity settings + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: + type: array + required: - key - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer + type: array + type: object + type: array required: - - podAffinityTerm - - weight + - nodeSelectorTerms type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - type: string + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - matchLabels: - additionalProperties: + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: + type: array + required: - key - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: type: string - required: + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - type: string + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - matchLabels: - additionalProperties: + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: Annotations field allows custom annotations to be added - to the service - type: object - datapowerMonitor: - description: DataPower Monitor configuration - properties: - env: - description: Environment variables - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array type: object - type: array - image: - description: Image specifier for DataPower Monitor + type: object + annotations: + additionalProperties: type: string - lifecycleDebounceMs: - description: Set the pod lifecycle debounce in milliseconds - format: int32 - type: integer - livenessProbePort: - description: LivenessProbe port - format: int32 - type: integer - monitorGatewayPeering: - description: Enables the peering status monitoring functionality - in the DataPower Monitor - type: boolean - peeringRecoveryCheckIntervalMs: - description: Set the pod peering recovery interval in milliseconds - format: int32 - type: integer - resources: - description: Monitor resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - xmlMgmtPort: - description: Should match the port xml-mgmt is configured to listen - on, if not provided 5550 will be used - format: int32 - type: integer - type: object - debug: - description: User exposed debug toggle. Use this to obtain debug information - from init scripts. - type: boolean - domains: - description: List of DataPowerDomains to associate with Service - items: - description: DataPowerDomainSpec defines the desired state of DataPowerDomain + description: Annotations field allows custom annotations to be added to the service + type: object + datapowerMonitor: + description: DataPower Monitor configuration properties: - certs: - description: Secrets containing crypto info + env: + description: Environment variables items: + description: EnvVar represents an environment variable present in a Container. properties: - certType: - description: Type of certs, usrcerts or sharedcerts - enum: - - sharedcerts - - usrcerts - minLength: 1 - type: string - secret: - description: Secret containing certs - minLength: 1 + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string - subPath: - description: SubPath cert is placed into + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object required: - - certType - - secret + - name type: object type: array - dpApp: - description: Name of the configmap to be used for Domain config - properties: - config: - description: ConfigMaps storing DataPower configuration - files - items: - description: ConfigMap containing DataPower configuration - files - minLength: 1 - type: string - minItems: 1 - type: array - local: - description: ConfigMaps storing DataPower local files - items: - description: ConfigMap containing DataPower configuration - files - minLength: 1 - type: string - type: array - required: - - config - type: object - name: - description: Name of the domain - minLength: 1 - type: string - required: - - name - type: object - type: array - env: - description: Environment variables - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + image: + description: Image specifier for DataPower Monitor type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: + lifecycleDebounceMs: + description: Set the pod lifecycle debounce in milliseconds + format: int32 + type: integer + livenessProbePort: + description: LivenessProbe port + format: int32 + type: integer + monitorGatewayPeering: + description: Enables the peering status monitoring functionality in the DataPower Monitor + type: boolean + peeringRecoveryCheckIntervalMs: + description: Set the pod peering recovery interval in milliseconds + format: int32 + type: integer + resources: + description: Monitor resources + properties: + limits: + additionalProperties: + anyOf: - type: integer - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object - required: - - name + xmlMgmtPort: + description: Should match the port xml-mgmt is configured to listen on, if not provided 5550 will be used + format: int32 + type: integer type: object - type: array - extraExe: - description: List of ConfigMap names to mount containing extra executables - items: - type: string - type: array - image: - description: Custom DataPower image - minLength: 1 - type: string - imagePullSecrets: - description: Image pull secrets - items: - type: string - type: array - initCmds: - description: Commands to run during user-specified initialization - stage - items: - type: string - type: array - labels: - additionalProperties: - type: string - description: Labels field allows custom labels to be added to the - service - type: object - license: - description: DataPower License - properties: - accept: - description: 'The license agreement must be accepted during installation - of this product. To view the license for a given DataPower image, - you can view the license by running the container: docker run - --rm --show-license' - type: boolean - use: - description: The license use. Will inform which DataPower image - is pulled during install. If running in IBM Cloud Pak for Integration, - only the production license is available. - enum: - - production - - nonproduction - - developers - - developers-limited - type: string - required: - - accept - - use - type: object - livenessProbe: - description: Custom LivenessProbe - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command is - simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + debug: + description: User exposed debug toggle. Use this to obtain debug information from init scripts. + type: boolean + domains: + description: List of DataPowerDomains to associate with Service + items: + description: DataPowerDomainSpec defines the desired state of DataPowerDomain properties: - host: - description: Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. + certs: + description: Secrets containing crypto info items: - description: HTTPHeader describes a custom header to be - used in HTTP probes properties: - name: - description: The header field name + certType: + description: Type of certs, usrcerts or sharedcerts + enum: + - sharedcerts + - usrcerts + minLength: 1 + type: string + secret: + description: Secret containing certs + minLength: 1 type: string - value: - description: The header field value + subPath: + description: SubPath cert is placed into type: string required: - - name - - value + - certType + - secret type: object type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults - to HTTP. + dpApp: + description: Name of the configmap to be used for Domain config + properties: + config: + description: ConfigMaps storing DataPower configuration files + items: + description: ConfigMap containing DataPower configuration files + minLength: 1 + type: string + minItems: 1 + type: array + local: + description: ConfigMaps storing DataPower local files + items: + description: ConfigMap containing DataPower configuration files + minLength: 1 + type: string + type: array + required: + - config + type: object + name: + description: Name of the domain + minLength: 1 type: string required: - - port + - name type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported TODO: implement a realistic TCP - lifecycle hook' + type: array + env: + description: Environment variables + items: + description: EnvVar represents an environment variable present in a Container. properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - odTracing: - description: OpenTracingSpec defines desired state of agent and collector - containers - properties: - agent: - description: Defines probes for agent container - properties: - livenessProbe: - description: Trimmed down livenessProbe - properties: - failureThreshold: - description: Failure threshold - format: int32 - type: integer - initialDelaySeconds: - description: Initial Delay in seconds - format: int32 - type: integer - periodSeconds: - description: Period in seconds - format: int32 - type: integer - timeoutSeconds: - description: Timeout in seconds - format: int32 - type: integer - type: object - readinessProbe: - description: Trimmed down readinessProbe - properties: - failureThreshold: - description: Failure threshold - format: int32 - type: integer - initialDelaySeconds: - description: Initial Delay in seconds - format: int32 - type: integer - periodSeconds: - description: Period in seconds - format: int32 - type: integer - timeoutSeconds: - description: Timeout in seconds - format: int32 - type: integer - type: object - type: object - collector: - description: Defines probes for collector container - properties: - livenessProbe: - description: Trimmed down livenessProbe - properties: - failureThreshold: - description: Failure threshold - format: int32 - type: integer - initialDelaySeconds: - description: Initial Delay in seconds - format: int32 - type: integer - periodSeconds: - description: Period in seconds - format: int32 - type: integer - timeoutSeconds: - description: Timeout in seconds - format: int32 - type: integer - type: object - readinessProbe: - description: Trimmed down readinessProbe + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: - failureThreshold: - description: Failure threshold - format: int32 - type: integer - initialDelaySeconds: - description: Initial Delay in seconds - format: int32 - type: integer - periodSeconds: - description: Period in seconds - format: int32 - type: integer - timeoutSeconds: - description: Timeout in seconds - format: int32 - type: integer + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object type: object + required: + - name type: object - enabled: - description: Whether OpenTracing is enabled or disabled - type: boolean - imageAgent: - description: Image for agent container - minLength: 1 - type: string - imageCollector: - description: Image for collector container - minLength: 1 + type: array + extraExe: + description: List of ConfigMap names to mount containing extra executables + items: type: string - imagePullPolicy: - description: Controls what conditions to pull image + type: array + image: + description: Custom DataPower image + minLength: 1 + type: string + imagePullSecrets: + description: Image pull secrets + items: type: string - odTracingDataHostname: - description: Data Hostname - minLength: 1 + type: array + initCmds: + description: Commands to run during user-specified initialization stage + items: type: string - odTracingRegistrationHostname: - description: Registration Hostname - minLength: 1 + type: array + labels: + additionalProperties: type: string - required: - - enabled - - imageAgent - - imageCollector - - imagePullPolicy - - odTracingDataHostname - - odTracingRegistrationHostname - type: object - podManagementPolicy: - description: Pod management policy for the DataPower StatefulSet - enum: - - Parallel - - OrderedReady - type: string - readinessProbe: - description: Custom ReadinessProbe - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command is - simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported TODO: implement a realistic TCP - lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - replicas: - description: Desired number of DataPower Pods in the StatefulSet - format: int32 - minimum: 0 - type: integer - resources: - description: Resource limits and requests specifications for DataPowerService - statefulset - properties: - limits: - description: Limits describes the maximum amount of compute resources - allowed. - properties: - memory: - description: Memory, in bytes. (8Gi = 8GiB = 8 * 1024 * 1024 - * 1024) - type: string - type: object - requests: - description: Requests describes the minimum amount of compute - resources required. - properties: - cpu: - description: CPU, in cores. Minimum value is 4. - minimum: 4 - type: integer - memory: - description: Memory, in bytes. (8Gi = 8GiB = 8 * 1024 * 1024 - * 1024) - type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName - type: string - storage: - description: Storage - items: - description: DataPowerStorage defines a single volume of persistent - or ephemeral type + description: Labels field allows custom labels to be added to the service + type: object + license: + description: DataPower License properties: - class: - description: Class specifies the storage class to create PVC - with - type: string - deleteClaim: - description: DeleteClaim defines if the volume claim should - be deleted; valid for persistent type only + accept: + description: 'The license agreement must be accepted during installation of this product. To view the license for a given DataPower image, you can view the license by running the container: docker run --rm --show-license' type: boolean - path: - description: Path is the path where the volume claim should - mount inside the container - minLength: 1 + use: + description: The license use. Will inform which DataPower image is pulled during install. If running in IBM Cloud Pak for Integration, only the production license is available. + enum: + - production + - nonproduction + - developers + - developers-limited type: string - selector: - description: Selector sets the label query for volumes to consider - for binding; valid for persistent type only + required: + - accept + - use + type: object + livenessProbe: + description: Custom LivenessProbe + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: HTTPHeader describes a custom header to be used in HTTP probes properties: - key: - description: key is the label key that the selector - applies to. + name: + description: The header field name type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + value: + description: The header field value type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array required: - - key - - operator + - name + - value type: object type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port type: object - size: - anyOf: - - type: integer - - type: string - description: 'Size is the amount of storage that should be requested - Expected format is #Gi' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: Type is the type of storage, options are ephemeral - and persistent - enum: - - ephemeral - - persistent - type: string - volumeMode: - description: VolumeMode switches between block and filesystem - storage; valid for persistent type only - type: string - required: - - path - - type + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - type: array - users: - description: List of DataPower Users - items: - description: DataPowerUsersSpec defines the desired state of DataPowerUsers + odTracing: + description: OpenTracingSpec defines desired state of agent and collector containers properties: - accessLevel: - description: User access level - enum: - - group-defined - - privileged - type: string - group: - description: User group - type: string - name: - description: Name of the user + agent: + description: Defines probes for agent container + properties: + livenessProbe: + description: Trimmed down livenessProbe + properties: + failureThreshold: + description: Failure threshold + format: int32 + type: integer + initialDelaySeconds: + description: Initial Delay in seconds + format: int32 + type: integer + periodSeconds: + description: Period in seconds + format: int32 + type: integer + timeoutSeconds: + description: Timeout in seconds + format: int32 + type: integer + type: object + readinessProbe: + description: Trimmed down readinessProbe + properties: + failureThreshold: + description: Failure threshold + format: int32 + type: integer + initialDelaySeconds: + description: Initial Delay in seconds + format: int32 + type: integer + periodSeconds: + description: Period in seconds + format: int32 + type: integer + timeoutSeconds: + description: Timeout in seconds + format: int32 + type: integer + type: object + type: object + collector: + description: Defines probes for collector container + properties: + livenessProbe: + description: Trimmed down livenessProbe + properties: + failureThreshold: + description: Failure threshold + format: int32 + type: integer + initialDelaySeconds: + description: Initial Delay in seconds + format: int32 + type: integer + periodSeconds: + description: Period in seconds + format: int32 + type: integer + timeoutSeconds: + description: Timeout in seconds + format: int32 + type: integer + type: object + readinessProbe: + description: Trimmed down readinessProbe + properties: + failureThreshold: + description: Failure threshold + format: int32 + type: integer + initialDelaySeconds: + description: Initial Delay in seconds + format: int32 + type: integer + periodSeconds: + description: Period in seconds + format: int32 + type: integer + timeoutSeconds: + description: Timeout in seconds + format: int32 + type: integer + type: object + type: object + enabled: + description: Whether OpenTracing is enabled or disabled + type: boolean + imageAgent: + description: Image for agent container minLength: 1 type: string - passwordSecret: - description: Secret for user's credentials + imageCollector: + description: Image for collector container minLength: 1 type: string - required: - - accessLevel - - name - - passwordSecret - type: object - type: array - version: - description: DataPower Firmware Version - minLength: 1 - type: string - required: - - license - - replicas - - users - - version - type: object - status: - description: DataPowerServiceStatus defines the observed state of DataPowerService - properties: - conditions: - description: Conditions represent the latest available observations - of the DataPowerService's state - items: - description: "Condition represents an observation of an object's - state. Conditions are an extension mechanism intended to be used - when the details of an observation are not a priori known or would - not apply to all instances of a given Kind. \n Conditions should - be added to explicitly convey properties that users and components - care about rather than requiring those properties to be inferred - from other observations. Once defined, the meaning of a Condition - can not be changed arbitrarily - it becomes part of the API, and - has the same backwards- and forwards-compatibility concerns of - any other part of the API." - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is intended to be a one-word, CamelCase - representation of the category of cause of the current status. - It is intended to be used in concise output, such as one-line - kubectl get output, and in summarizing occurrences of causes. + imagePullPolicy: + description: Controls what conditions to pull image type: string - status: + odTracingDataHostname: + description: Data Hostname + minLength: 1 type: string - type: - description: "ConditionType is the type of the condition and - is typically a CamelCased word or short phrase. \n Condition - types should indicate state in the \"abnormal-true\" polarity. - For example, if the condition indicates when a policy is invalid, - the \"is valid\" case is probably the norm, so the condition - should be called \"Invalid\"." + odTracingRegistrationHostname: + description: Registration Hostname + minLength: 1 type: string required: - - status - - type + - enabled + - imageAgent + - imageCollector + - imagePullPolicy + - odTracingDataHostname + - odTracingRegistrationHostname type: object - type: array - customImages: - description: True when a custom DataPower image is being used - type: boolean - nodes: - description: List of pods (by name) in the statefulset - items: + podManagementPolicy: + description: Pod management policy for the DataPower StatefulSet + enum: + - Parallel + - OrderedReady type: string - type: array - phase: - description: Phase of the DataPowerService instance - enum: - - Pending - - Running - - Failed - type: string - versions: - description: Reconciled and available versions - properties: - available: - description: Available versions for the DataPower operand - properties: - channels: - description: Available DataPower firmware channels - items: - description: Defines a DataPower Channel - properties: - name: - description: Name of the channel - type: string - required: - - name - type: object - type: array - versions: - description: Available DataPower firmware versions - items: - description: Defines a DataPower Version - properties: - name: - description: Name of the version - type: string - required: - - name - type: object - type: array - required: - - channels - - versions - type: object - reconciled: - description: Reconciled version of the DataPower operand - type: string - required: - - available - - reconciled - type: object - required: - - conditions - - customImages - - phase - - versions - type: object - type: object - served: true - storage: false - - additionalPrinterColumns: - - JSONPath: .status.phase - description: DataPowerService phase - name: Phase - type: string - - JSONPath: .status.conditions[?(@.type=="Ready")].status - description: DataPowerService readiness status - name: Ready - type: string - - JSONPath: .status.conditions[?(@.type=="Ready")].message - description: DataPowerService readiness summary - name: Summary - type: string - - JSONPath: .status.versions.reconciled - description: DataPowerService reconciled version - name: Version - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: 'DataPowerService is the primary API for managing a DataPower - StatefulSet. API version: v1beta2' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DataPowerServiceSpec defines the desired state of DataPowerService - properties: - affinity: - description: Affinity section to allow users to override the default - affinity settings - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. + readinessProbe: + description: Custom ReadinessProbe + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + replicas: + description: Desired number of DataPower Pods in the StatefulSet + format: int32 + minimum: 0 + type: integer + resources: + description: Resource limits and requests specifications for DataPowerService statefulset + properties: + limits: + description: Limits describes the maximum amount of compute resources allowed. + properties: + memory: + description: Memory, in bytes. (8Gi = 8GiB = 8 * 1024 * 1024 * 1024) + type: string + type: object + requests: + description: Requests describes the minimum amount of compute resources required. + properties: + cpu: + description: CPU, in cores. Minimum value is 4. + minimum: 4 + type: integer + memory: + description: Memory, in bytes. (8Gi = 8GiB = 8 * 1024 * 1024 * 1024) + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName + type: string + storage: + description: Storage + items: + description: DataPowerStorage defines a single volume of persistent or ephemeral type properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. + class: + description: Class specifies the storage class to create PVC with + type: string + deleteClaim: + description: DeleteClaim defines if the volume claim should be deleted; valid for persistent type only + type: boolean + path: + description: Path is the path where the volume claim should mount inside the container + minLength: 1 + type: string + selector: + description: Selector sets the label query for volumes to consider for binding; valid for persistent type only properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object + type: string type: array + required: + - key + - operator type: object type: array - required: - - nodeSelectorTerms + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object + size: + anyOf: + - type: integer + - type: string + description: 'Size is the amount of storage that should be requested Expected format is #Gi' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type is the type of storage, options are ephemeral and persistent + enum: + - ephemeral + - persistent + type: string + volumeMode: + description: VolumeMode switches between block and filesystem storage; valid for persistent type only + type: string + required: + - path + - type type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). + type: array + users: + description: List of DataPower Users + items: + description: DataPowerUsersSpec defines the desired state of DataPowerUsers properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + accessLevel: + description: User access level + enum: + - group-defined + - privileged + type: string + group: + description: User group + type: string + name: + description: Name of the user + minLength: 1 + type: string + passwordSecret: + description: Secret for user's credentials + minLength: 1 + type: string + required: + - accessLevel + - name + - passwordSecret + type: object + type: array + version: + description: DataPower Firmware Version + minLength: 1 + type: string + required: + - license + - replicas + - users + - version + type: object + status: + description: DataPowerServiceStatus defines the observed state of DataPowerService + properties: + conditions: + description: Conditions represent the latest available observations of the DataPowerService's state + items: + description: "Condition represents an observation of an object's state. Conditions are an extension mechanism intended to be used when the details of an observation are not a priori known or would not apply to all instances of a given Kind. \n Conditions should be added to explicitly convey properties that users and components care about rather than requiring those properties to be inferred from other observations. Once defined, the meaning of a Condition can not be changed arbitrarily - it becomes part of the API, and has the same backwards- and forwards-compatibility concerns of any other part of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase representation of the category of cause of the current status. It is intended to be used in concise output, such as one-line kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and is typically a CamelCased word or short phrase. \n Condition types should indicate state in the \"abnormal-true\" polarity. For example, if the condition indicates when a policy is invalid, the \"is valid\" case is probably the norm, so the condition should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + customImages: + description: True when a custom DataPower image is being used + type: boolean + nodes: + description: List of pods (by name) in the statefulset + items: + type: string + type: array + phase: + description: Phase of the DataPowerService instance + enum: + - Pending + - Running + - Failed + type: string + versions: + description: Reconciled and available versions + properties: + available: + description: Available versions for the DataPower operand + properties: + channels: + description: Available DataPower firmware channels + items: + description: Defines a DataPower Channel + properties: + name: + description: Name of the channel + type: string + required: + - name + type: object + type: array + versions: + description: Available DataPower firmware versions + items: + description: Defines a DataPower Version + properties: + name: + description: Name of the version + type: string + required: + - name + type: object + type: array + required: + - channels + - versions + type: object + reconciled: + description: Reconciled version of the DataPower operand + type: string + required: + - available + - reconciled + type: object + required: + - conditions + - customImages + - phase + - versions + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: DataPowerService phase + jsonPath: .status.phase + name: Phase + type: string + - description: DataPowerService readiness status + jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - description: DataPowerService readiness summary + jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Summary + type: string + - description: DataPowerService reconciled version + jsonPath: .status.versions.reconciled + name: Version + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: 'DataPowerService is the primary API for managing a DataPower StatefulSet. API version: v1beta2 Documentation: https://ibm.biz/BdqUZ4 License: https://ibm.biz/Bdq5dy' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DataPowerServiceSpec defines the desired state of DataPowerService + properties: + affinity: + description: Affinity section to allow users to override the default affinity settings + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: + type: array + required: - key - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer + type: array + type: object + type: array required: - - podAffinityTerm - - weight + - nodeSelectorTerms type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - type: string + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - matchLabels: - additionalProperties: + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: + type: array + required: - key - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: type: string - required: + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - type: string + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - matchLabels: - additionalProperties: + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Specify custom annotations to add to the DataPower Pods + type: object + debug: + description: Debug switch. Use this to obtain debug information from DataPower pod initialization. + type: boolean + domains: + description: List of DataPowerDomains to associate with Service + items: + description: DataPowerDomainSpec defines the desired state of DataPowerDomain + properties: + certs: + description: List of crypto Secrets and the desired location of their contents + items: + properties: + certType: + description: Type of certs, usrcerts or sharedcerts. usrcerts are available only to this Domain. sharedcerts are available to all Domains. + enum: + - sharedcerts + - usrcerts + minLength: 1 + type: string + secret: + description: Secret containing certs + minLength: 1 + type: string + subPath: + description: Subdirectory in which certs should be placed type: string required: - - topologyKey + - certType + - secret + type: object + type: array + dpApp: + description: DataPower config provided via ConfigMaps + properties: + config: + description: ConfigMaps storing DataPower configuration files + items: + description: ConfigMap containing DataPower configuration files + minLength: 1 + type: string + minItems: 1 + type: array + local: + description: ConfigMaps storing DataPower local files + items: + description: ConfigMap containing DataPower configuration files + minLength: 1 + type: string + type: array + required: + - config + type: object + name: + description: Name of the domain + minLength: 1 + type: string + required: + - name + type: object + type: array + env: + description: Environment variables + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraExe: + description: List of ConfigMap names to mount containing extra executables + items: + type: string + type: array + image: + description: Specify a specific DataPower image from a reachable repository. Entry should be a full image reference, i.e. docker.io/ibmcom/datapower:10.0.0.1. + minLength: 1 + type: string + imagePullSecrets: + description: List of image pull secrets. Expected input is the name of the secret containing docker registry credentials. Pull secrets can be created with `oc create secret docker-registry ...` + items: + type: string + type: array + initCmds: + description: Commands to run during user-specified initialization stage + items: + type: string + type: array + labels: + additionalProperties: + type: string + description: Specify custom labels to add to the DataPower Pods + type: object + license: + description: DataPower license + properties: + accept: + description: The license agreement must be accepted during installation of this product. To view the license for the latest DataPower version, please visit https://ibm.biz/Bdq5dy. To view the license for a specific version or custom image, docker run --rm --show-license. + type: boolean + use: + description: The license usage chosen will determine which edition of DataPower is deployed. If running in IBM Cloud Pak for Integration, only the production and nonproduction licenses are available. + enum: + - production + - nonproduction + - developers + - developers-limited + type: string + required: + - accept + - use + type: object + livenessProbe: + description: Customize the LivenessProbe on created DataPower Pods. Expected input is a full LivenessProbe definition. + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector allows scheduling Pods on Nodes by matching labels + type: object + odTracing: + description: OpenTracingSpec defines desired state of agent and collector containers + properties: + agent: + description: Defines probes for agent container + properties: + livenessProbe: + description: Trimmed down livenessProbe + properties: + failureThreshold: + description: Failure threshold + format: int32 + type: integer + initialDelaySeconds: + description: Initial Delay in seconds + format: int32 + type: integer + periodSeconds: + description: Period in seconds + format: int32 + type: integer + timeoutSeconds: + description: Timeout in seconds + format: int32 + type: integer + type: object + readinessProbe: + description: Trimmed down readinessProbe + properties: + failureThreshold: + description: Failure threshold + format: int32 + type: integer + initialDelaySeconds: + description: Initial Delay in seconds + format: int32 + type: integer + periodSeconds: + description: Period in seconds + format: int32 + type: integer + timeoutSeconds: + description: Timeout in seconds + format: int32 + type: integer + type: object + type: object + collector: + description: Defines probes for collector container + properties: + livenessProbe: + description: Trimmed down livenessProbe + properties: + failureThreshold: + description: Failure threshold + format: int32 + type: integer + initialDelaySeconds: + description: Initial Delay in seconds + format: int32 + type: integer + periodSeconds: + description: Period in seconds + format: int32 + type: integer + timeoutSeconds: + description: Timeout in seconds + format: int32 + type: integer + type: object + readinessProbe: + description: Trimmed down readinessProbe + properties: + failureThreshold: + description: Failure threshold + format: int32 + type: integer + initialDelaySeconds: + description: Initial Delay in seconds + format: int32 + type: integer + periodSeconds: + description: Period in seconds + format: int32 + type: integer + timeoutSeconds: + description: Timeout in seconds + format: int32 + type: integer type: object - type: array - type: object - type: object - annotations: - additionalProperties: + type: object + enabled: + description: Whether OpenTracing is enabled or disabled + type: boolean + imageAgent: + description: Image for agent container + minLength: 1 + type: string + imageCollector: + description: Image for collector container + minLength: 1 + type: string + imagePullPolicy: + description: Controls what conditions to pull image + type: string + odTracingDataHostname: + description: Data Hostname + minLength: 1 + type: string + odTracingRegistrationHostname: + description: Registration Hostname + minLength: 1 + type: string + required: + - enabled + - imageAgent + - imageCollector + - imagePullPolicy + - odTracingDataHostname + - odTracingRegistrationHostname + type: object + podManagementPolicy: + description: Pod management policy for DataPower Statefulset + enum: + - Parallel + - OrderedReady type: string - description: Specify custom annotations to add to the DataPower Pods. - type: object - debug: - description: Debug switch. Use this to obtain debug information from - DataPower pod initialization. - type: boolean - domains: - description: List of DataPowerDomains to associate with Service - items: - description: DataPowerDomainSpec defines the desired state of DataPowerDomain + readinessProbe: + description: Customize the ReadinessProbe on created DataPower Pods. Expected input is a full ReadinessProbe definition. properties: - certs: - description: List of crypto Secrets and the desired location - of their contents. - items: - properties: - certType: - description: Type of certs, usrcerts or sharedcerts. usrcerts - are available only to this Domain. sharedcerts are available - to all Domains. - enum: - - sharedcerts - - usrcerts - minLength: 1 - type: string - secret: - description: Secret containing certs - minLength: 1 - type: string - subPath: - description: Subdirectory in which certs should be placed. - type: string - required: - - certType - - secret - type: object - type: array - dpApp: - description: DataPower config provided via ConfigMaps + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. properties: - config: - description: ConfigMaps storing DataPower configuration - files + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: - description: ConfigMap containing DataPower configuration - files - minLength: 1 type: string - minItems: 1 type: array - local: - description: ConfigMaps storing DataPower local files + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: ConfigMap containing DataPower configuration - files - minLength: 1 - type: string + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string required: - - config + - port type: object - name: - description: Name of the domain - minLength: 1 - type: string - required: - - name + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - type: array - env: - description: Environment variables - items: - description: EnvVar represents an environment variable present in - a Container. + replicas: + description: Desired number of DataPower Pods in the StatefulSet + format: int32 + minimum: 0 + type: integer + resources: + description: Resource limits and requests specifications for DataPowerService statefulset properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. + limits: + description: Limits describes the maximum amount of compute resources allowed properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object + memory: + description: Memory, in bytes. (8Gi = 8GiB = 8 * 1024 * 1024 * 1024) + type: string + type: object + requests: + description: Requests describes the minimum amount of compute resources required + properties: + cpu: + description: CPU, in cores. Minimum value is 4. + minimum: 4 + type: integer + memory: + description: Memory, in bytes. (8Gi = 8GiB = 8 * 1024 * 1024 * 1024) + type: string type: object - required: - - name type: object - type: array - extraExe: - description: List of ConfigMap names to mount containing extra executables - items: - type: string - type: array - image: - description: Specify a specific DataPower image from a reachable repository. - Entry should be a full image reference, i.e. docker.io/ibmcom/datapower:10.0.0.1. - minLength: 1 - type: string - imagePullSecrets: - description: List of image pull secrets. Expected input is the name - of the secret containing docker registry credentials. Pull secrets - can be created with `oc create secret docker-registry ...` - items: - type: string - type: array - initCmds: - description: Commands to run during user-specified initialization - stage - items: - type: string - type: array - labels: - additionalProperties: + serviceAccountName: + description: ServiceAccountName type: string - description: Specify custom labels to add to the DataPower Pods. - type: object - license: - description: DataPower license - properties: - accept: - description: The license agreement must be accepted during installation - of this product. To view the license for the latest DataPower - version, please visit https://ibm.biz/BdquWS To view the license - for a specific version or custom image, docker run --rm - --show-license - type: boolean - use: - description: The license use. Will inform which DataPower image - is pulled during install. If running in IBM Cloud Pak for Integration, - only the production license is available. - enum: - - production - - nonproduction - - developers - - developers-limited - type: string - required: - - accept - - use - type: object - livenessProbe: - description: Customize the LivenessProbe on created DataPower Pods. - Expected input is a full LivenessProbe definition. - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command is - simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + storage: + description: Storage + items: + description: DataPowerStorage defines a single volume of persistent or ephemeral type properties: - host: - description: Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders instead. + class: + description: Class specifies the storage class for the PVC type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array + deleteClaim: + description: DeleteClaim defines if the volume claim should be deleted; valid for persistent type only + type: boolean path: - description: Path to access on the HTTP server. + description: Path is the path where the volume claim should mount inside the container + minLength: 1 type: string - port: + selector: + description: Selector sets the label query for volumes to consider for binding; valid for persistent type only + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + size: anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. + - type: integer + - type: string + description: 'Size is the amount of storage that should be requested Expected format is #Gi' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults - to HTTP. + type: + description: Type is the type of storage, options are ephemeral and persistent + enum: + - ephemeral + - persistent type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported TODO: implement a realistic TCP - lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + volumeMode: + description: VolumeMode is Filesystem for persistent type; not applicable for ephemeral type type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector allows scheduling Pods on Nodes by matching - labels - type: object - odTracing: - description: OpenTracingSpec defines desired state of agent and collector - containers - properties: - agent: - description: Defines probes for agent container - properties: - livenessProbe: - description: Trimmed down livenessProbe - properties: - failureThreshold: - description: Failure threshold - format: int32 - type: integer - initialDelaySeconds: - description: Initial Delay in seconds - format: int32 - type: integer - periodSeconds: - description: Period in seconds - format: int32 - type: integer - timeoutSeconds: - description: Timeout in seconds - format: int32 - type: integer - type: object - readinessProbe: - description: Trimmed down readinessProbe - properties: - failureThreshold: - description: Failure threshold - format: int32 - type: integer - initialDelaySeconds: - description: Initial Delay in seconds - format: int32 - type: integer - periodSeconds: - description: Period in seconds - format: int32 - type: integer - timeoutSeconds: - description: Timeout in seconds - format: int32 - type: integer - type: object - type: object - collector: - description: Defines probes for collector container - properties: - livenessProbe: - description: Trimmed down livenessProbe - properties: - failureThreshold: - description: Failure threshold - format: int32 - type: integer - initialDelaySeconds: - description: Initial Delay in seconds - format: int32 - type: integer - periodSeconds: - description: Period in seconds - format: int32 - type: integer - timeoutSeconds: - description: Timeout in seconds - format: int32 - type: integer - type: object - readinessProbe: - description: Trimmed down readinessProbe - properties: - failureThreshold: - description: Failure threshold - format: int32 - type: integer - initialDelaySeconds: - description: Initial Delay in seconds - format: int32 - type: integer - periodSeconds: - description: Period in seconds - format: int32 - type: integer - timeoutSeconds: - description: Timeout in seconds - format: int32 - type: integer - type: object + - path + - type type: object - enabled: - description: Whether OpenTracing is enabled or disabled - type: boolean - imageAgent: - description: Image for agent container - minLength: 1 - type: string - imageCollector: - description: Image for collector container - minLength: 1 - type: string - imagePullPolicy: - description: Controls what conditions to pull image - type: string - odTracingDataHostname: - description: Data Hostname - minLength: 1 - type: string - odTracingRegistrationHostname: - description: Registration Hostname - minLength: 1 - type: string - required: - - enabled - - imageAgent - - imageCollector - - imagePullPolicy - - odTracingDataHostname - - odTracingRegistrationHostname - type: object - podManagementPolicy: - description: Pod management policy for DataPower Statefulset - enum: - - Parallel - - OrderedReady - type: string - readinessProbe: - description: Customize the ReadinessProbe on created DataPower Pods. - Expected input is a full ReadinessProbe definition. - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. + type: array + tolerations: + description: Toleration settings for scheduling DataPower Pods + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command is - simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + type: array + users: + description: List of DataPower Users + items: + description: DataPowerUsersSpec defines the desired state of DataPowerUsers properties: - host: - description: Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders instead. + accessLevel: + enum: + - group-defined + - privileged type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + group: type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults - to HTTP. + name: + description: Name of the user + minLength: 1 + type: string + passwordSecret: + description: Secret containing user's credentials + minLength: 1 type: string required: - - port + - accessLevel + - name + - passwordSecret type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported TODO: implement a realistic TCP - lifecycle hook' + type: array + version: + description: Can refer to specific version, i.e. 10.0.0.1, or a channel, i.e. 10.0-lts + minLength: 1 + type: string + required: + - license + - replicas + - users + - version + type: object + status: + description: DataPowerServiceStatus defines the observed state of DataPowerService + properties: + conditions: + description: Conditions represent the latest available observations of the DataPowerService's state + items: + description: "Condition represents an observation of an object's state. Conditions are an extension mechanism intended to be used when the details of an observation are not a priori known or would not apply to all instances of a given Kind. \n Conditions should be added to explicitly convey properties that users and components care about rather than requiring those properties to be inferred from other observations. Once defined, the meaning of a Condition can not be changed arbitrarily - it becomes part of the API, and has the same backwards- and forwards-compatibility concerns of any other part of the API." properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase representation of the category of cause of the current status. It is intended to be used in concise output, such as one-line kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and is typically a CamelCased word or short phrase. \n Condition types should indicate state in the \"abnormal-true\" polarity. For example, if the condition indicates when a policy is invalid, the \"is valid\" case is probably the norm, so the condition should be called \"Invalid\"." type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true required: - - port + - status + - type type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - replicas: - description: Desired number of DataPower Pods in the StatefulSet - format: int32 - minimum: 0 - type: integer - resources: - description: Resource limits and requests specifications for DataPowerService - statefulset - properties: - limits: - description: Limits describes the maximum amount of compute resources - allowed. + type: array + customImages: + description: True when a custom DataPower image is being used + type: boolean + mgmtPorts: + description: List of ports for DataPower management interfaces + items: + description: Defines a DataPower Management Port properties: - memory: - description: Memory, in bytes. (8Gi = 8GiB = 8 * 1024 * 1024 - * 1024) + name: + description: Name of the management service type: string - type: object - requests: - description: Requests describes the minimum amount of compute - resources required. - properties: - cpu: - description: CPU, in cores. Minimum value is 4. - minimum: 4 + port: + description: Port of the management service + format: int32 type: integer - memory: - description: Memory, in bytes. (8Gi = 8GiB = 8 * 1024 * 1024 - * 1024) - type: string + required: + - name + - port type: object - type: object - serviceAccountName: - description: ServiceAccountName - type: string - storage: - description: Storage - items: - description: DataPowerStorage defines a single volume of persistent - or ephemeral type + type: array + nodes: + description: List of pods (by name) in the statefulset + items: + type: string + type: array + phase: + description: Phase of the DataPowerService instance + enum: + - Pending + - Running + - Failed + type: string + versions: + description: Reconciled and available versions properties: - class: - description: Class specifies the storage class for the PVC - type: string - deleteClaim: - description: DeleteClaim defines if the volume claim should - be deleted; valid for persistent type only - type: boolean - path: - description: Path is the path where the volume claim should - mount inside the container - minLength: 1 - type: string - selector: - description: Selector sets the label query for volumes to consider - for binding; valid for persistent type only + available: + description: Available versions for the DataPower operand properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. + channels: + description: Available DataPower firmware channels items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: Defines a DataPower Channel properties: - key: - description: key is the label key that the selector - applies to. + name: + description: Name of the channel type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + required: + - name + type: object + type: array + versions: + description: Available DataPower firmware versions + items: + description: Defines a DataPower Version + properties: + name: + description: Name of the version type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array required: - - key - - operator + - name type: object type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object + required: + - channels + - versions type: object - size: - anyOf: - - type: integer - - type: string - description: 'Size is the amount of storage that should be requested - Expected format is #Gi' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: Type is the type of storage, options are ephemeral - and persistent - enum: - - ephemeral - - persistent - type: string - volumeMode: - description: VolumeMode switches between block and filesystem - storage; valid for persistent type only - type: string - required: - - path - - type - type: object - type: array - tolerations: - description: Toleration settings for scheduling DataPower Pods - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - users: - description: List of DataPower Users - items: - description: DataPowerUsersSpec defines the desired state of DataPowerUsers - properties: - accessLevel: - description: User access level - enum: - - group-defined - - privileged - type: string - group: - description: User group - type: string - name: - description: Name of the user - minLength: 1 - type: string - passwordSecret: - description: Secret containing user's credentials - minLength: 1 - type: string - required: - - accessLevel - - name - - passwordSecret - type: object - type: array - version: - description: DataPower firmware version Can refer to specific version, - i.e. 10.0.0.1, or a channel, i.e. 10.0-lts. - minLength: 1 - type: string - required: - - license - - replicas - - users - - version - type: object - status: - description: DataPowerServiceStatus defines the observed state of DataPowerService - properties: - conditions: - description: Conditions represent the latest available observations - of the DataPowerService's state - items: - description: "Condition represents an observation of an object's - state. Conditions are an extension mechanism intended to be used - when the details of an observation are not a priori known or would - not apply to all instances of a given Kind. \n Conditions should - be added to explicitly convey properties that users and components - care about rather than requiring those properties to be inferred - from other observations. Once defined, the meaning of a Condition - can not be changed arbitrarily - it becomes part of the API, and - has the same backwards- and forwards-compatibility concerns of - any other part of the API." - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is intended to be a one-word, CamelCase - representation of the category of cause of the current status. - It is intended to be used in concise output, such as one-line - kubectl get output, and in summarizing occurrences of causes. - type: string - status: - type: string - type: - description: "ConditionType is the type of the condition and - is typically a CamelCased word or short phrase. \n Condition - types should indicate state in the \"abnormal-true\" polarity. - For example, if the condition indicates when a policy is invalid, - the \"is valid\" case is probably the norm, so the condition - should be called \"Invalid\"." - type: string - required: - - status - - type - type: object - type: array - customImages: - description: True when a custom DataPower image is being used - type: boolean - mgmtPorts: - description: List of ports for DataPower management interfaces - items: - description: Defines a DataPower Management Port - properties: - name: - description: Name of the management service + reconciled: + description: Reconciled version of the DataPower operand type: string - port: - description: Port of the management service - format: int32 - type: integer required: - - name - - port + - available + - reconciled type: object - type: array - nodes: - description: List of pods (by name) in the statefulset - items: - type: string - type: array - phase: - description: Phase of the DataPowerService instance - enum: - - Pending - - Running - - Failed - type: string - versions: - description: Reconciled and available versions - properties: - available: - description: Available versions for the DataPower operand - properties: - channels: - description: Available DataPower firmware channels - items: - description: Defines a DataPower Channel - properties: - name: - description: Name of the channel - type: string - required: - - name - type: object - type: array - versions: - description: Available DataPower firmware versions - items: - description: Defines a DataPower Version - properties: - name: - description: Name of the version - type: string - required: - - name - type: object - type: array - required: - - channels - - versions - type: object - reconciled: - description: Reconciled version of the DataPower operand - type: string - required: - - available - - reconciled - type: object - required: - - conditions - - customImages - - mgmtPorts - - phase - - versions - type: object - type: object - served: true - storage: true + required: + - conditions + - customImages + - mgmtPorts + - phase + - versions + type: object + type: object + served: true + storage: true + subresources: + status: {} + preserveUnknownFields: false status: acceptedNames: kind: "" diff --git a/charts/stable/datapower-operator/static/role_rules.yaml b/charts/stable/datapower-operator/static/role_rules.yaml new file mode 100644 index 0000000..f9ccb36 --- /dev/null +++ b/charts/stable/datapower-operator/static/role_rules.yaml @@ -0,0 +1,120 @@ +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - update + - watch + - patch + - list +- apiGroups: + - "" + resources: + - pods + - pods/exec + - services + - services/finalizers + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps + resourceNames: + - datapower-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoringcontroller.cloud.ibm.com + resources: + - monitoringdashboards + verbs: + - create + - get + - list + - watch +- apiGroups: + - cp4i.ibm.com + resources: + - cp4iservicesbindings + verbs: + - create + - get + - list + - watch + - patch + - update + - delete diff --git a/charts/stable/datapower-operator/templates/_helpers.tpl b/charts/stable/datapower-operator/templates/_helpers.tpl index 6437c87..5477309 100644 --- a/charts/stable/datapower-operator/templates/_helpers.tpl +++ b/charts/stable/datapower-operator/templates/_helpers.tpl @@ -107,3 +107,46 @@ value: "" {{- end -}} {{- end -}} +{{/* +datapower-operator.getMultiNamespacesString +Produces a string version of the watchNamespaces list +*/}} +{{- define "datapower-operator.getMultiNamespacesString" -}} +{{- range $.Values.operator.watchNamespaces -}}{{ printf "%s " . }}{{ end -}} +{{- end -}} + +{{/* +datapower-operator.getMultiNamespaces +Return a whitespace separated list of namespaces for the MultiNamespace installMode +the Operator should install Roles and RoleBindings into. If the list of watched +namespaces does not include the installation namespace, it is added into the list +as the Operator requires a Role in the namespace in which it is installed. +*/}} +{{- define "datapower-operator.getMultiNamespaces" -}} +{{- $containsNamespace := "false" -}} +{{- range $.Values.operator.watchNamespaces -}} +{{- if eq . $.Release.Namespace -}} +{{- $containsNamespace = "true" -}} +{{- end -}} +{{- end -}} +{{- if eq $containsNamespace "false" -}} +{{ include "datapower-operator.getMultiNamespacesString" . }}{{ $.Release.Namespace -}} +{{- else -}} +{{ (include "datapower-operator.getMultiNamespacesString" .) | trimSuffix " " -}} +{{- end -}} +{{- end -}} + +{{/* +datapower-operator.getSingleNamespaces +Return a whitelist separated list of namespaces for the SingleNamespace installMode +the Operator should install Roles and RoleBindings into. If the top watchNamespace +is not also the installation namespace, this returns a list of the two. Otherwise, +just the installation namespace is returned. +*/}} +{{- define "datapower-operator.getSingleNamespaces" -}} +{{- if eq (index $.Values.operator.watchNamespaces 0) $.Release.Namespace -}} +{{- printf "%s" (index $.Values.operator.watchNamespaces 0) -}} +{{- else -}} +{{- printf "%s %s" (index $.Values.operator.watchNamespaces 0) $.Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/charts/stable/datapower-operator/templates/cluster_role.yaml b/charts/stable/datapower-operator/templates/cluster_role.yaml index e224959..10de751 100644 --- a/charts/stable/datapower-operator/templates/cluster_role.yaml +++ b/charts/stable/datapower-operator/templates/cluster_role.yaml @@ -17,7 +17,13 @@ rules: - mutatingwebhookconfigurations - validatingwebhookconfigurations verbs: - - '*' + - create + - delete + - get + - list + - patch + - update + - watch # needed for reconciliation of the admission controllers - apiGroups: @@ -92,3 +98,16 @@ rules: - patch - update - watch + +# Needed for OCP platform checks +- apiGroups: + - config.openshift.io + resources: + - clusterversions + verbs: + - get + +{{- if eq .Values.operator.installMode "AllNamespaces" }} +# If installMode is AllNamespaces, we should use the cluster role for everything. +{{ $.Files.Get "static/role_rules.yaml" }} +{{- end }} diff --git a/charts/stable/datapower-operator/templates/operator.yaml b/charts/stable/datapower-operator/templates/operator.yaml index c847e39..7445dd2 100644 --- a/charts/stable/datapower-operator/templates/operator.yaml +++ b/charts/stable/datapower-operator/templates/operator.yaml @@ -22,11 +22,11 @@ spec: app.kubernetes.io/name: datapower-operator app.kubernetes.io/managed-by: datapower-operator annotations: - productID: datapower-operator + productID: "64a541a8e6d44869ba790cbafb937f7a" productName: "IBM DataPower Operator" productMetric: "FREE" productChargedContainers: "" - productVersion: 1.1.1 + productVersion: 1.2.0 spec: affinity: nodeAffinity: diff --git a/charts/stable/datapower-operator/templates/role_MultiNamespace.yaml b/charts/stable/datapower-operator/templates/role_MultiNamespace.yaml new file mode 100644 index 0000000..6c98d19 --- /dev/null +++ b/charts/stable/datapower-operator/templates/role_MultiNamespace.yaml @@ -0,0 +1,18 @@ +{{- if eq .Values.operator.installMode "MultiNamespace" }} +{{ $namespaces := (include "datapower-operator.getMultiNamespaces" .) | split " " }} +{{- range $namespaces -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: {{ template "datapower-operator.namespacedname" $ }} + namespace: {{ . }} + labels: + app.kubernetes.io/instance: {{ template "datapower-operator.namespacedname" $ }} + app.kubernetes.io/name: {{ template "datapower-operator.namespacedname" $ }} + app.kubernetes.io/managed-by: datapower-operator +rules: +{{ $.Files.Get "static/role_rules.yaml" }} +--- +{{- end }} +{{- end }} diff --git a/charts/stable/datapower-operator/templates/role_OwnNamespace.yaml b/charts/stable/datapower-operator/templates/role_OwnNamespace.yaml new file mode 100644 index 0000000..04ee94b --- /dev/null +++ b/charts/stable/datapower-operator/templates/role_OwnNamespace.yaml @@ -0,0 +1,14 @@ +{{- if eq .Values.operator.installMode "OwnNamespace" }} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: {{ template "datapower-operator.namespacedname" . }} + labels: + app.kubernetes.io/instance: {{ template "datapower-operator.namespacedname" . }} + app.kubernetes.io/name: {{ template "datapower-operator.namespacedname" . }} + app.kubernetes.io/managed-by: datapower-operator +rules: +{{ $.Files.Get "static/role_rules.yaml" }} +{{- end }} diff --git a/charts/stable/datapower-operator/templates/role_SingleNamespace.yaml b/charts/stable/datapower-operator/templates/role_SingleNamespace.yaml new file mode 100644 index 0000000..11ff0d0 --- /dev/null +++ b/charts/stable/datapower-operator/templates/role_SingleNamespace.yaml @@ -0,0 +1,18 @@ +{{- if eq .Values.operator.installMode "SingleNamespace" }} +{{- $namespaces := (include "datapower-operator.getSingleNamespaces" .) | split " " -}} +{{- range $namespaces -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: {{ template "datapower-operator.namespacedname" $ }} + namespace: {{ . }} + labels: + app.kubernetes.io/instance: {{ template "datapower-operator.namespacedname" $ }} + app.kubernetes.io/name: {{ template "datapower-operator.namespacedname" $ }} + app.kubernetes.io/managed-by: datapower-operator +rules: +{{ $.Files.Get "static/role_rules.yaml" }} +--- +{{- end -}} +{{- end }} diff --git a/charts/stable/datapower-operator/templates/role_binding_MultiNamespace.yaml b/charts/stable/datapower-operator/templates/role_binding_MultiNamespace.yaml new file mode 100644 index 0000000..b1660cd --- /dev/null +++ b/charts/stable/datapower-operator/templates/role_binding_MultiNamespace.yaml @@ -0,0 +1,24 @@ +{{- if eq .Values.operator.installMode "MultiNamespace" -}} +{{ $namespaces := (include "datapower-operator.getMultiNamespaces" .) | split " " }} +{{- range $namespaces -}} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + creationTimestamp: null + name: {{ template "datapower-operator.namespacedname" $ }} + namespace: {{ . }} + labels: + app.kubernetes.io/instance: {{ template "datapower-operator.namespacedname" $ }} + app.kubernetes.io/name: {{ template "datapower-operator.namespacedname" $ }} + app.kubernetes.io/managed-by: datapower-operator +subjects: +- kind: ServiceAccount + name: datapower-operator + namespace: {{ $.Release.Namespace }} +roleRef: + kind: Role + name: {{ template "datapower-operator.namespacedname" $ }} + apiGroup: rbac.authorization.k8s.io +--- +{{- end -}} +{{- end -}} diff --git a/charts/stable/datapower-operator/templates/role_binding_OwnNamespace.yaml b/charts/stable/datapower-operator/templates/role_binding_OwnNamespace.yaml new file mode 100644 index 0000000..d3f26bb --- /dev/null +++ b/charts/stable/datapower-operator/templates/role_binding_OwnNamespace.yaml @@ -0,0 +1,20 @@ +{{ if eq .Values.operator.installMode "OwnNamespace" }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + creationTimestamp: null + name: {{ template "datapower-operator.namespacedname" . }} + labels: + app.kubernetes.io/instance: {{ template "datapower-operator.namespacedname" . }} + app.kubernetes.io/name: {{ template "datapower-operator.namespacedname" . }} + app.kubernetes.io/managed-by: datapower-operator +subjects: +- kind: ServiceAccount + name: datapower-operator + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ template "datapower-operator.namespacedname" . }} + apiGroup: rbac.authorization.k8s.io + +{{- end }} diff --git a/charts/stable/datapower-operator/templates/role_binding_SingleNamespace.yaml b/charts/stable/datapower-operator/templates/role_binding_SingleNamespace.yaml new file mode 100644 index 0000000..5876131 --- /dev/null +++ b/charts/stable/datapower-operator/templates/role_binding_SingleNamespace.yaml @@ -0,0 +1,24 @@ +{{ if eq .Values.operator.installMode "SingleNamespace" }} +{{ $namespaces := (include "datapower-operator.getSingleNamespaces" .) | split " " -}} +{{ range $namespaces -}} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + creationTimestamp: null + name: {{ template "datapower-operator.namespacedname" $ }} + namespace: {{ . }} + labels: + app.kubernetes.io/instance: {{ template "datapower-operator.namespacedname" $ }} + app.kubernetes.io/name: {{ template "datapower-operator.namespacedname" $ }} + app.kubernetes.io/managed-by: datapower-operator +subjects: +- kind: ServiceAccount + name: datapower-operator + namespace: {{ $.Release.Namespace }} +roleRef: + kind: Role + name: {{ template "datapower-operator.namespacedname" $ }} + apiGroup: rbac.authorization.k8s.io +--- +{{- end -}} +{{- end -}}