diff --git a/Dockerfile b/Dockerfile
index 55ed621..719274a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,9 +2,11 @@ FROM python:slim-bullseye
 WORKDIR /
-RUN /bin/sh -c set -eux;\
- apt-get update;\
- apt-get install -y curl
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends crul mysql-client-5.7 \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
 # install cldi
 COPY --from=registry.devops.rivtower.com/cita-cloud/cloud-cli:latest /usr/bin/cldi /usr/local/bin/
@@ -13,6 +15,4 @@ RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/s
 RUN install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
 # install modules
-RUN pip install tenacity
-RUN pip install PyYaml
-RUN pip install kubernetes
+RUN pip install tenacity PyYaml kubernetes pymysql
diff --git a/test/cleanup/scripts/delete_chain.sh b/test/cleanup/scripts/delete_chain.sh
index 85f40af..6cb01f3 100755
--- a/test/cleanup/scripts/delete_chain.sh
+++ b/test/cleanup/scripts/delete_chain.sh
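Review bot: The package list in the new `apt-get install` line names `crul`, which looks like a typo for `curl`; the build will stop on an unresolvable package, and the later `RUN curl -LO …` step that fetches kubectl needs curl to be present. `mysql-client-5.7` is also unlikely to resolve on a Debian bullseye base, where the client is normally packaged as `default-mysql-client`; confirm against the base image's repositories. Suggested line: `&& apt-get install -y --no-install-recommends curl default-mysql-client \`. The `python:slim-bullseye` tag and the `cloud-cli:latest` source in the context lines are both floating, so pinning them (ideally by digest) would make the image reproducible.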
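Review bot: The merged `pip install` line pulls four packages with no version constraints, so each rebuild can bring different code into an image that is presumably used to run kubectl against a cluster. Pin the versions, or install from a requirements file with `--require-hashes`, and add `--no-cache-dir` so the download cache is not kept in the layer, e.g. `RUN pip install --no-cache-dir tenacity==<version> PyYaml==<version> kubernetes==<version> pymysql==<version>`. The kubectl download named in the hunk header lies outside this hunk; if it is not checksum-verified there, that deserves a follow-up.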
@@ -20,7 +20,30 @@ kubectl delete -f test/resource/$CHAIN_TYPE -n $NAMESPACE --recursive kubectl delete -f test/operations/resource/$CHAIN_TYPE -n $NAMESPACE --recursive -kubectl delete -f test/resource/minio.yaml -n $NAMESPACE --request-timeout=30s -kubectl delete pvc datadir-minio-0 -n $NAMESPACE --request-timeout=30s + kubectl delete pvc -n $NAMESPACE -l app.kubernetes.io/chain-name=$CHAIN_NAME + +if [ "$CHAIN_TYPE" = "raft" ]; then + kubectl delete -f test/resource/minio.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete pvc datadir-minio-0 -n $NAMESPACE --request-timeout=30s +fi + +if [ "$CHAIN_TYPE" = "overlord" ]; then + # delete strimzi kafka and kafka-bridge + sed -i "s/xxxxxx/$NAMESPACE/g" test/resource/kafka/strimzi.yaml + kubectl delete -f test/resource/kafka/kafka-bridge.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete -f test/resource/kafka/kafka-single-node.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete -f test/resource/kafka/strimzi.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete pvc data-0-my-cluster-dual-role-0 -n $NAMESPACE --request-timeout=30s + + # delete doris + sed -i "s/xxxxxx/$NAMESPACE/g" test/resource/doris/operator.yaml + kubectl delete -f test/resource/doris/doriscluster-sample-storageclass.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete -f test/resource/doris/operator.yaml --request-timeout=30s + kubectl delete -f test/resource/doris/doris.selectdb.com_dorisclusters.yaml --request-timeout=30s + kubectl delete pvc belog-doriscluster-sample-storageclass1-be-0 -n $NAMESPACE --request-timeout=30s + kubectl delete pvc betest-doriscluster-sample-storageclass1-be-0 -n $NAMESPACE --request-timeout=30s + kubectl delete pvc felog-doriscluster-sample-storageclass1-fe-0 -n $NAMESPACE --request-timeout=30s + kubectl delete pvc fetest-doriscluster-sample-storageclass1-fe-0 -n $NAMESPACE --request-timeout=30s +fi 
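Review bot: In the overlord branch, `kubectl delete -f test/resource/doris/doris.selectdb.com_dorisclusters.yaml` removes a CustomResourceDefinition, which is cluster-scoped: deleting it also removes every DorisCluster object in every namespace, not only those in `$NAMESPACE`. `operator.yaml` is deleted without `-n` as well, so anything cluster-scoped in it goes too (its contents are not visible here). On a shared cluster this cleanup can take down other users' Doris instances; consider leaving the CRD installed, or putting the two cluster-wide deletes behind an explicit opt-in variable. The same delete-then-create sequence is added to test/prepare/scripts/create_chain.sh. Because `$NAMESPACE` and `$CHAIN_NAME` are expanded unquoted in `kubectl` and `sed`, a guard such as `: "${NAMESPACE:?}" "${CHAIN_NAME:?}"` near the top would stop an empty value from changing what a delete matches.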
diff --git a/test/operations/resource/overlord/test-chain-overlord-node4/cm-account.yaml b/test/operations/resource/overlord/test-chain-overlord-node4/cm-account.yaml index 3705de9..f0ca750 100644 --- a/test/operations/resource/overlord/test-chain-overlord-node4/cm-account.yaml +++ b/test/operations/resource/overlord/test-chain-overlord-node4/cm-account.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: NGRjODNhMTRkMDlhMDgxMjhmNjU4MmY2YjI1N2NlOGZiYTNkZTcxZjJmZjM2MTcxMzBiNWU4M2NlZThkYWY2Nw== + private_key: NmZlZTFjNGU2M2JiYmRlMmExNWMwOTc5M2RmYzNmZWI4ZTM0OTQyNzk4MTg1MTczOWE0MGY5YzAwZjc3MmY0OQ== data: - node_address: d866ae8e99bd44c10a072d3540e9cf9568b21f75 - validator_address: 97c6676095e6132108e27653429b8d5e235f31d62529d34d0822dee3d83490df6f5fd5f02b855377cd57e402a87d77c3 + node_address: 03e7c8ae36973ba152df8954721bd618f1c85b60 + validator_address: a68865c8a7f416b999b0aa597cbc877393b63d47b5e214a9a001cf925bdc473ae3b814938f4eac2951beb02114500249 metadata: labels: app.kubernetes.io/chain-name: test-chain-overlord diff --git a/test/operations/resource/overlord/test-chain-overlord-node4/cm-config.yaml b/test/operations/resource/overlord/test-chain-overlord-node4/cm-config.yaml index bcd211b..38016e9 100644 --- a/test/operations/resource/overlord/test-chain-overlord-node4/cm-config.yaml +++ b/test/operations/resource/overlord/test-chain-overlord-node4/cm-config.yaml 
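Review bot: The regenerated `private_key` is still stored under `binaryData` of a `ConfigMap` and committed to the repository, so the value is only base64-encoded and readable by anyone with the repo or with read access to ConfigMaps in the namespace. If these fixtures mirror how real nodes are deployed, key material belongs in a `Secret` or should be generated at test time; at minimum add a header comment such as `# TEST FIXTURE ONLY: this key is public, never reuse it outside CI`. The same applies to the raft `cm-account.yaml` hunk and to the `priv_key` PEM blocks replaced in both `cm-config.yaml` files.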
@@ -5,27 +5,27 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdTCCARqgAwIBAgIUVvLZ6RqSgFcFc7iP8IeuJRTbi5EwCgYIKoZIzj0EAwIw + MIIBdDCCARqgAwIBAgIUe/Li6ogJuBqbYfIBoIRixxRVx+cwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ndjr/OcAE0uyIZpgnzMzwu6 - TdVBFSK0IdZHlie3q4pSpEG1eQJVzgcOGemPsiTdvAqrk8pf5Fl2OYoFRC1eNqMy - MDAwHQYDVR0OBBYEFNby2ekakoBXBXO4j/CHriUU24uRMA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSQAwRgIhALrPyzxBp/G+x6ErrUG3OkSx/NYA4l0JgTWh - 5X5Cc07yAiEAjIQZp1Y8E166rCHE2zfyHLPDZ0OLdQrFhRR+k1stqGc= + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvTA++E8lK6KJKUIMMUQM5tfH + BiyyA+B85dYkfiEFARPcFaqTYl1UCe581C6GWUi36/ZLmgozYKbL/Pre63AkI6My + MDAwHQYDVR0OBBYEFPvy4uqICbgam2HyAaCEYscUVcfnMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSAAwRQIhANb1AaJm6x7ii70cnrdNCbgI2roN+/PqGqKv + 01C8GiXaAiAbU7sVNkrPZqxYmWjBrShFfhdMr3LbzGwXMd5l3Whc0w== -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBgjCCASegAwIBAgIURLDwVlb+rLAu3Wuw8x28t9rhV+4wCgYIKoZIzj0EAwIw + MIIBgTCCASegAwIBAgIUBmMbXOjZKvSjcaRFbieyXxqfYt4wCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDYxEDAOBgNVBAoMB0NJVEFIdWIxIjAgBgNVBAMT GXRlc3QtY2hhaW4tb3ZlcmxvcmQtbm9kZTQwWTATBgcqhkjOPQIBBggqhkjOPQMB - BwNCAATdD+Gs+8gu1ArPyqk1AwyTTRCPN+lp1rOYg0p4VaRzSuF3ZjuWOxmJBAww - TdN/BTm3EWRHMAPVSj17QJuRgcjhoygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu - LW92ZXJsb3JkLW5vZGU0MAoGCCqGSM49BAMCA0kAMEYCIQDXPDOjyR6H5yWzy9fe - +HRysNvLE0hjejno3QUhYTgcegIhAMQ8Ix0jRul8ECmQRJA5WXoLTL+Bph1zSpVA - HY7dgeS8 + BwNCAATV+2qaXlc/54I5/0o2DtlJK1+vtERYdEk3l8rYiYLOj3bJ3FnJE8oDlvim + smbMgC/xnN6ayKjowchPZHec+5eKoygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu + LW92ZXJsb3JkLW5vZGU0MAoGCCqGSM49BAMCA0gAMEUCIBHLIbuw1OeLCa2yv8qz + 8g6HB3/w6vHFMXwSacmSQvpkAiEA1qDDGxyRHsi4/jzOvb16+seMiR5W2bsG0vxG + KBbWAkE= -----END CERTIFICATE----- """ chain_id = 
"f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" @@ -37,9 +37,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgcsxzz5Xz3iyD7zTb - oKjROXzGZwiNdk6N5RY1pas5LWahRANCAATdD+Gs+8gu1ArPyqk1AwyTTRCPN+lp - 1rOYg0p4VaRzSuF3ZjuWOxmJBAwwTdN/BTm3EWRHMAPVSj17QJuRgcjh + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6tlu9Dw6+Acoh4hS + pTDUXFzWc7UDdYPCoYmhsAGDQOChRANCAATV+2qaXlc/54I5/0o2DtlJK1+vtERY + dEk3l8rYiYLOj3bJ3FnJE8oDlvimsmbMgC/xnN6ayKjowchPZHec+5eK -----END PRIVATE KEY----- """ protocol = "quic" @@ -111,13 +111,17 @@ data: storage_port = 50003 [storage_opendal.cloud_storage] - access_key_id = "admin" - bucket = "cita-cloud" - endpoint = "http://minio:9000" - region = "cn-east-1" - root = "overlord" - secret_access_key = "testtest" - service_type = "s3" + access_key_id = "" + bucket = "" + endpoint = "" + region = "" + root = "" + secret_access_key = "" + service_type = "" + + [storage_opendal.exporter] + base_path = "http://my-bridge-bridge-service:8080" + chain_name = "test-chain-overlord" [storage_opendal.log_config] filter = "info" @@ -126,7 +130,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332160572 + timestamp = 1718694928407 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" 
@@ -135,10 +139,10 @@ data: chain_id = "f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" quota_limit = 1073741824 validators = [ - "91177beffce0c05a64fdbf40547c9bf2899c8cb5859ed7b9a6e20ac74e7579fdbd70a0f63e9b531392e5c8a0938d91b2", - "88999aa958d5c17998bafc0ce469a0375b1dd9d4e79f4dbf4630e54d9d6a01d67914d1a9be7e80cf862a9a95d47d01b0", - "95f246284995bc34f017672600a346c2f547306e3cb3e5563ca75549d31bea85e1a9faa5e77af9090d63fb1b57c70533", - "a1654c4c63b52c8264160aed0b28dafcf0ae8bfccff09552b36e17de2412a91d4fda4b49073cfeee4e763661d1ddfff9", + "95f4713a71709d77bfcdfe824bfd0b0a02d80f32480c55c005a56eab052f1caf4ff2afe1f0d28210f567fe51185dc343", + "902807e5e4558433c530c763529661255f89766a764f9586fc4f0a85a81045feadf426aff4af43ebfeb8dea50fd90b52", + "8e88e0465ee5f852acc718ffb064a916c93cfe8d838025383329087754253cbef6a755c797ae334f8425dc2f00ca2006", + "9656ab66de72f8e00031be1fd3504dc6ad7c7511660693bff3df68ec77e6f1ca5d23b1c5f9c23b296b4ce191b4f8a75a", ] version = 0 diff --git a/test/operations/resource/raft/test-chain-raft-node4/cm-account.yaml b/test/operations/resource/raft/test-chain-raft-node4/cm-account.yaml index b7292ed..84da81c 100644 --- a/test/operations/resource/raft/test-chain-raft-node4/cm-account.yaml +++ b/test/operations/resource/raft/test-chain-raft-node4/cm-account.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: MzQzMGY2ZDIzNmEzNmJkNjYwNDY0MjM2Yzk2YTMzYjY1MTJmMzExZmM3ODQ1NWNkMzI1NTRkZmZjMGEyZWM1MA== + private_key: NjlmYWQ2NGZjMjNiNTlkMDMzMjgwNWFiYTAyOWJiZmY2ZjBmNjgwOGYzOTU5NzI4NWQ3Y2VlMDlhMjk3ZmU1YQ== data: - node_address: 28441a2271581a92e7d12e0c575ed27e10cb63e8 - validator_address: 28441a2271581a92e7d12e0c575ed27e10cb63e8 + node_address: 3e03dcb9b712140cb1ccd253d9b363af1046c0bf + validator_address: 3e03dcb9b712140cb1ccd253d9b363af1046c0bf metadata: labels: app.kubernetes.io/chain-name: test-chain-raft 
diff --git a/test/operations/resource/raft/test-chain-raft-node4/cm-config.yaml b/test/operations/resource/raft/test-chain-raft-node4/cm-config.yaml index 658730e..2722a0e 100644 --- a/test/operations/resource/raft/test-chain-raft-node4/cm-config.yaml +++ b/test/operations/resource/raft/test-chain-raft-node4/cm-config.yaml 
@@ -5,26 +5,26 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdDCCARqgAwIBAgIUCjGECYVzGsUYw40WazW4OD3mP7swCgYIKoZIzj0EAwIw + MIIBdTCCARqgAwIBAgIUYj0sVWTdTX6qaQkeBB3J2T+j6qAwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXeKmAjEqtuu1TgHdoW2HBAxl - 0VobxKLIsRcdnNxE37sg+5QeQZhdVm2Br8TLNJ1ZbaQYmuDbgHq2rYto67KPfKMy - MDAwHQYDVR0OBBYEFIoxhAmFcxrFGMONFms1uDg95j+7MA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSAAwRQIgc48PEcKNylJ0B515Lw1ERKLPxZgJnx/gRi2p - 31TF5A8CIQCCU1YdO6sYHqZRnjyuOTfUNZW4S/rHwRZEUQkF06tYKQ== + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5PRdPVbTQfp2+nJQ0eEsIVt/ + a2/WXIYl4cDnMXWio68l+6k/EsslZLTJHiNPka38LrqW0AoGGLGxTcZFRVA5q6My + MDAwHQYDVR0OBBYEFGI9LFVk3U1+qmkJHgQdydk/o+qgMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSQAwRgIhAPUhpvQxM49ld1Xypr4qeK0lz+2kKe3Fb15J + jNa4WIX+AiEAnV7/ewGQ3iUzLbwRfu9EeU81HKbCvKZd3Bek8Zke7aU= -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBeDCCAR+gAwIBAgIUBFF1DqdN8pTuOztnkrFTmhA+1SIwCgYIKoZIzj0EAwIw + MIIBeTCCAR+gAwIBAgIUYp1v+dXarKYRIdEoN+X5OnhxKkwwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDIxEDAOBgNVBAoMB0NJVEFIdWIxHjAcBgNVBAMT FXRlc3QtY2hhaW4tcmFmdC1ub2RlNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA - BHKQIxwzNJRHLZHaKrqZx8KMigJTwvsTk9aVl8/uR53GwjBOcUPdwI4DJ1wmhmLc - i08TSJWa8yHLjM1TX2HN3sGjJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm - dC1ub2RlNDAKBggqhkjOPQQDAgNHADBEAiAmgJgFJoecExiW0dLJp0xc1WRkfUdA - KPpiZEJW9N3p8QIgdJjGN8VAA/gKde5mSxlOoabqWEB63DpnQ+glyCbukIE= + BFZdgMsT1tBeFllomy2Ad8WrAVsd3PUGiD5IiiaEcTKTB2OoTCd/c/H7bpZv433b + lTZMs2Is3IWOQctFaUS6N5WjJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm + dC1ub2RlNDAKBggqhkjOPQQDAgNIADBFAiBEkTrPkihLoqYFXbs3d50S6VRlwS16 + HcurpYBig4QB1AIhAMNimT+4CFWfZcDo0aYatOEOEUefLvqPUP2LHSc14UTv -----END CERTIFICATE----- """ chain_id = 
"dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" @@ -36,9 +36,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgODsdwpVGtgy4M4Vl - 0x/n+abpSysYzi76++yvkJVJCV+hRANCAARykCMcMzSURy2R2iq6mcfCjIoCU8L7 - E5PWlZfP7kedxsIwTnFD3cCOAydcJoZi3ItPE0iVmvMhy4zNU19hzd7B + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2nbd2OfBO++wHQVy + RLGKYEpPFFyItAFF/+HdTeVKddShRANCAARWXYDLE9bQXhZZaJstgHfFqwFbHdz1 + Bog+SIomhHEykwdjqEwnf3Px+26Wb+N925U2TLNiLNyFjkHLRWlEujeV -----END PRIVATE KEY----- """ protocol = "quic" @@ -114,6 +114,10 @@ data: secret_access_key = "testtest" service_type = "s3" + [storage_opendal.exporter] + base_path = "" + chain_name = "test-chain-raft" + [storage_opendal.log_config] filter = "info" max_level = "info" @@ -121,7 +125,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332166410 + timestamp = 1718694932661 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" @@ -130,10 +134,10 @@ data: chain_id = "dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" quota_limit = 1073741824 validators = [ - "ac9a0cd0a9e60519b1575158044843dabeec1276", - "d5cc5d9443a4c1d8c0f3fc9650538981d8582adf", - "1355af5612e81327151faa0fe76fadeed495444a", - "90a7e0b542cf5ce4997b6b043f6771b1da1e7790", + "a5093b0b475af7f69997ff014a302f6b96a7083b", + "3decec23d841675a4ab21653cc4f5f0b13fb5e3c", + "05a403c866af1fe82f6f28492c5d4a9d1d4a6fb2", + "66b0ca5b80cf7e0639ab03130dead022112a703b", ] version = 0 diff --git a/test/operator/scripts/0_rollback.py b/test/operator/scripts/0_rollback.py index 98de2c2..440e796 100644 --- a/test/operator/scripts/0_rollback.py +++ b/test/operator/scripts/0_rollback.py 
@@ -10,6 +10,10 @@ from logger import logger
 if __name__ == "__main__":
+ if os.getenv("CHAIN_TYPE") == "overlord":
+ print("overlord chain don't need to execute this test")
+ exit(0)
+
 old_bn = util.get_block_number()
 logger.info("the block number before rollback is: {}".format(old_bn))
diff --git a/test/operator/scripts/1_rollback_with_delete_consensus.py b/test/operator/scripts/1_rollback_with_delete_consensus.py
index 53dcb19..a1ee22f 100644
--- a/test/operator/scripts/1_rollback_with_delete_consensus.py
+++ b/test/operator/scripts/1_rollback_with_delete_consensus.py
@@ -55,6 +55,9 @@ def get_nodes(chain_name: str, namespace: str) -> List[Node]:
 def main():
+ if os.getenv("CHAIN_TYPE") == "overlord":
+ print("overlord chain don't need to execute this test")
+ exit(0)
 old_bn = util.get_block_number()
 logger.info("the block number before rollback is: {}".format(old_bn))
 nodes = get_nodes(chain_name=os.getenv("CHAIN_NAME"), namespace=os.getenv("NAMESPACE"))
diff --git a/test/operator/scripts/2_backup.py b/test/operator/scripts/2_backup.py
index 52a67a4..cc6aa8c 100644
--- a/test/operator/scripts/2_backup.py
+++ b/test/operator/scripts/2_backup.py
@@ -10,6 +10,10 @@ from logger import logger
 if __name__ == "__main__":
+ if os.getenv("CHAIN_TYPE") == "overlord":
+ print("overlord chain don't need to execute this test")
+ exit(0)
+
 old_bn = util.get_block_number()
 logger.info("the block number before backup is: {}".format(old_bn))
diff --git a/test/operator/scripts/3_export.py b/test/operator/scripts/3_export.py
index 00ac6ea..efbce37 100644
--- a/test/operator/scripts/3_export.py
+++ b/test/operator/scripts/3_export.py
@@ -10,6 +10,10 @@ from logger import logger
 if __name__ == "__main__":
+ if os.getenv("CHAIN_TYPE") == "overlord":
+ print("overlord chain don't need to execute this test")
+ exit(0)
+
 old_bn = util.get_block_number()
 logger.info("the block number before backup is: {}".format(old_bn))
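Review bot: The new guard calls the bare `exit(0)`, which is the helper injected by the `site` module for interactive use rather than a guaranteed builtin; `sys.exit(0)` (with `import sys`) is the form to use in a script. In 0_rollback.py, 2_backup.py and 3_export.py the hunk does not show an `import os`, so confirm it exists above line 10, otherwise the guard raises `NameError` before the test starts. The skip message goes through `print` while the rest of each script uses `logger`; `logger.info("overlord chain does not need this test, skipping")` would keep skips in the same log stream. The same block is pasted into all four scripts, so a single shared helper would keep the skip condition from drifting.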
diff --git a/test/performance/scripts/test-latency.py b/test/performance/scripts/test-latency.py
new file mode 100644
index 0000000..f4aab8f
--- /dev/null
+++ b/test/performance/scripts/test-latency.py
@@ -0,0 +1,60 @@
+
+import os
+import json
+import subprocess
+import time
+import pymysql
+
+if os.getenv("CHAIN_TYPE") == "raft":
+ print("raft chain don't need to execute exporter latency test")
+ exit(0)
+
+# send tx and get tx hash
+cmd = "cldi -c default send 0xffffffffffffffffffffffffffffffffff010000 0xabcd"
+tx_hash = subprocess.getoutput(cmd).strip()
+print(tx_hash)
+time1 = time.time()
+print(time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(time1)))
+
+# get receipt
+while True:
+ time.sleep(1)
+ cmd = "cldi -c default get receipt {}".format(tx_hash)
+ result = subprocess.getoutput(cmd)
+ if not result.__contains__("Error"):
+ receipt = json.loads(result)
+ print(receipt)
+ time2 = time.time()
+ print(time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(time2)))
+ break
+
+# query from doris
+# 打开数据库连接
+doris_host="doriscluster-sample-storageclass1-fe-internal.{}.svc.cluster.local".format(os.getenv("NAMESPACE"))
+db = pymysql.connect(host=doris_host,
+ port=9030,
+ user='root',
+ password='',
+ database='citacloud')
+
+# 使用 cursor() 方法创建一个游标对象 cursor
+cursor = db.cursor()
+
+# 使用 execute() 方法执行 SQL 查询
+hash = "\"{}\"".format(tx_hash[2:])
+
+while True:
+ time.sleep(1)
+ cursor.execute("SELECT * from receipts where tx_hash={}".format(hash))
+ results = cursor.fetchall()
+ if results:
+ print(results)
+ time3 = time.time()
+ print(time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(time3)))
+ break
+
+db.close()
+
+print("Done")
+print("finalize latency: ", time2 - time1)
+print("export latency: ", time3 - time2)
diff --git a/test/prepare/scripts/create_chain.sh b/test/prepare/scripts/create_chain.sh
index 86fa2eb..00ac37f 100755
--- a/test/prepare/scripts/create_chain.sh
+++ b/test/prepare/scripts/create_chain.sh
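Review bot: The receipts query is built with `"... tx_hash={}".format(hash)`, where `hash` is whatever `cldi send` printed; if that command emits an error or warning instead of a hash, arbitrary text is formatted into the SQL statement and, before that, into the `cldi get receipt {}` command line that `subprocess.getoutput` runs through a shell. Validate the value once after sending and hand it to the database as a bound parameter; the local name `hash` also shadows the builtin. Both `while True` loops have no deadline, so a receipt or export that never arrives hangs the CI job instead of failing it; the fence shows the bound for the Doris loop, and the receipt loop needs the same. The connection uses `root` with an empty password, which should at least be read from the environment.

```python
tx_hash = subprocess.getoutput(cmd).strip()
# Refuse anything that is not 0x-prefixed hex before it reaches a shell command or SQL.
if not (tx_hash.startswith("0x") and len(tx_hash) > 2
        and all(c in "0123456789abcdefABCDEF" for c in tx_hash[2:])):
    raise SystemExit("unexpected output from cldi send: {!r}".format(tx_hash))
# … unchanged: receipt polling, pymysql.connect, cursor creation …

deadline = time.time() + 300  # constructed value; size it for the CI environment
while True:
    if time.time() > deadline:
        raise SystemExit("timed out waiting for the receipt to reach doris")
    time.sleep(1)
    # Bound parameter: the driver does the quoting, no string formatting into SQL.
    cursor.execute("SELECT * from receipts where tx_hash=%s", (tx_hash[2:],))
    # … unchanged: fetchall, print results, record time3, break …
```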
@@ -22,12 +22,61 @@ cldi account import 0xb2371a70c297106449f89445f20289e6d16942f08f861b5e95cbcf0462 kubectl create namespace $NAMESPACE +if [ "$CHAIN_TYPE" = "raft" ]; then + # recreate s3:minio + sed -i "s/xxxxxx/$SC/g" test/resource/minio.yaml + kubectl delete -f test/resource/minio.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete pvc datadir-minio-0 -n $NAMESPACE --request-timeout=30s + kubectl apply -f test/resource/minio.yaml -n $NAMESPACE --request-timeout=30s +fi + +if [ "$CHAIN_TYPE" = "overlord" ]; then + # recreate strimzi kafka and kafka-bridge + sed -i "s/xxxxxx/$NAMESPACE/g" test/resource/kafka/strimzi.yaml + kubectl delete -f test/resource/kafka/kafka-bridge.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete -f test/resource/kafka/kafka-single-node.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete -f test/resource/kafka/strimzi.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete pvc data-0-my-cluster-dual-role-0 -n $NAMESPACE --request-timeout=30s + + kubectl create -f test/resource/kafka/strimzi.yaml -n $NAMESPACE --request-timeout=30s + kubectl wait deployment/strimzi-cluster-operator --for=condition=Available=True --timeout=300s -n $NAMESPACE + kubectl apply -f test/resource/kafka/kafka-single-node.yaml -n $NAMESPACE --request-timeout=30s + kubectl wait kafka/my-cluster --for=condition=Ready --timeout=300s -n $NAMESPACE + kubectl apply -f test/resource/kafka/kafka-bridge.yaml -n $NAMESPACE --request-timeout=30s + kubectl wait deployment/my-bridge-bridge --for=condition=Available=True --timeout=300s -n $NAMESPACE + + # create kafka topic + kubectl exec -n $NAMESPACE -it my-cluster-dual-role-0 -c kafka -- bin/kafka-topics.sh --create --topic cita-cloud.test-chain-overlord.blocks --bootstrap-server my-cluster-kafka-bootstrap:9092 + kubectl exec -n $NAMESPACE -it my-cluster-dual-role-0 -c kafka -- bin/kafka-topics.sh --create --topic cita-cloud.test-chain-overlord.txs --bootstrap-server my-cluster-kafka-bootstrap:9092 + 
kubectl exec -n $NAMESPACE -it my-cluster-dual-role-0 -c kafka -- bin/kafka-topics.sh --create --topic cita-cloud.test-chain-overlord.utxos --bootstrap-server my-cluster-kafka-bootstrap:9092 + kubectl exec -n $NAMESPACE -it my-cluster-dual-role-0 -c kafka -- bin/kafka-topics.sh --create --topic cita-cloud.test-chain-overlord.system-config --bootstrap-server my-cluster-kafka-bootstrap:9092 + kubectl exec -n $NAMESPACE -it my-cluster-dual-role-0 -c kafka -- bin/kafka-topics.sh --create --topic cita-cloud.test-chain-overlord.receipts --bootstrap-server my-cluster-kafka-bootstrap:9092 + kubectl exec -n $NAMESPACE -it my-cluster-dual-role-0 -c kafka -- bin/kafka-topics.sh --create --topic cita-cloud.test-chain-overlord.logs --bootstrap-server my-cluster-kafka-bootstrap:9092 + + # recreate doris + sed -i "s/xxxxxx/$NAMESPACE/g" test/resource/doris/operator.yaml + kubectl delete -f test/resource/doris/doriscluster-sample-storageclass.yaml -n $NAMESPACE --request-timeout=30s + kubectl delete -f test/resource/doris/operator.yaml --request-timeout=30s + kubectl delete -f test/resource/doris/doris.selectdb.com_dorisclusters.yaml --request-timeout=30s + kubectl delete pvc belog-doriscluster-sample-storageclass1-be-0 -n $NAMESPACE --request-timeout=30s + kubectl delete pvc betest-doriscluster-sample-storageclass1-be-0 -n $NAMESPACE --request-timeout=30s + kubectl delete pvc felog-doriscluster-sample-storageclass1-fe-0 -n $NAMESPACE --request-timeout=30s + kubectl delete pvc fetest-doriscluster-sample-storageclass1-fe-0 -n $NAMESPACE --request-timeout=30s + + kubectl create -f test/resource/doris/doris.selectdb.com_dorisclusters.yaml --request-timeout=30s + kubectl apply -f test/resource/doris/operator.yaml --request-timeout=30s + kubectl wait deployment/doris-operator --for=condition=Available=True --timeout=300s -n $NAMESPACE + kubectl apply -f test/resource/doris/doriscluster-sample-storageclass.yaml -n $NAMESPACE --request-timeout=30s + sleep 3 + kubectl wait 
pod/doriscluster-sample-storageclass1-fe-0 --for=condition=Ready=True --timeout=300s -n $NAMESPACE + sleep 3 + kubectl wait pod/doriscluster-sample-storageclass1-be-0 --for=condition=Ready=True --timeout=300s -n $NAMESPACE + + # create table and load routine + sed -i "s/xxxxxx/$CHAIN_NAME/g" test/resource/doris/kafka-load.sql + mysql -h doriscluster-sample-storageclass1-fe-internal.$NAMESPACE.svc.cluster.local -P 9030 -u root -e "SOURCE test/resource/doris/kafka-load.sql" +fi -# recreate s3:minio -sed -i "s/xxxxxx/$SC/g" test/resource/minio.yaml -kubectl delete -f test/resource/minio.yaml -n $NAMESPACE --request-timeout=30s -kubectl delete pvc datadir-minio-0 -n $NAMESPACE --request-timeout=30s -kubectl apply -f test/resource/minio.yaml -n $NAMESPACE --request-timeout=30s # check pod times=60 diff --git a/test/resource/doris/doris.selectdb.com_dorisclusters.yaml b/test/resource/doris/doris.selectdb.com_dorisclusters.yaml new file mode 100644 index 0000000..f21a261 --- /dev/null +++ b/test/resource/doris/doris.selectdb.com_dorisclusters.yaml 
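Review bot: The Doris setup at the end of the overlord branch connects with `mysql … -u root` and no password, and test-latency.py does the same with `password=''`, so the FE admin account is open to any workload that can reach `doriscluster-sample-storageclass1-fe-internal` on port 9030. The DorisCluster CRD added in this commit describes `authSecret` (a `kubernetes.io/basic-auth` secret) and `adminUser` fields that appear intended for configuring these credentials; setting one in the sample cluster and supplying the password to `mysql` from the environment would close that, or a NetworkPolicy restricting 9030 to the test namespace if the empty password is kept. The six `kubectl exec -n $NAMESPACE -it …` calls also request a TTY and stdin that a non-interactive CI run does not have, so drop `-it`. The `sleep 3` before each `kubectl wait pod/…` is a race: if the pod object does not exist yet after three seconds, `kubectl wait` fails with NotFound, so a short retry loop would be more reliable.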
@@ -0,0 +1,8422 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: dorisclusters.doris.selectdb.com +spec: + group: doris.selectdb.com + names: + kind: DorisCluster + listKind: DorisClusterList + plural: dorisclusters + shortNames: + - dcr + singular: doriscluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.feStatus.componentCondition.phase + name: FeStatus + type: string + - jsonPath: .status.beStatus.componentCondition.phase + name: BeStatus + type: string + - jsonPath: .status.cnStatus.componentCondition.phase + name: CnStatus + type: string + - jsonPath: .status.brokerStatus.componentCondition.phase + name: BrokerStatus + type: string + name: v1 + schema: + openAPIV3Schema: + description: DorisCluster is the Schema for the dorisclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DorisClusterSpec defines the desired state of DorisCluster + properties: + adminUser: + description: administrator for register or drop component from fe + cluster. adminUser for all component register and operator drop + component. + properties: + name: + description: the user name for admin service's node. 
+ type: string + password: + description: password, login to doris db. + type: string + type: object + authSecret: + description: the name of secret that type is `kubernetes.io/basic-auth` + and contains keys username, password for management doris node in + cluster as fe, be register. the password key is `password`. the + username defaults to `root` and is omitempty. + type: string + beSpec: + description: defines the be cluster state pod that will be created + by operator. + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. 
null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. 
The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: annotation for fe pods. user can config monitor annotation + for collect to monitor system. + type: object + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + configMapInfo: + description: the reference for cn configMap. + properties: + configMapName: + description: ConfigMapName mapped the configuration files + in the doris 'conf/' directory. such as 'fe.conf', 'be.conf'. + If HDFS access is involved, there may also be 'core-site.xml' + and other files. doris-operator mounts these configuration + files in the '/etc/doris' directory by default. links them + to the 'conf/' directory of the doris component through + soft links. + type: string + configMaps: + description: ConfigMaps can mount multiple configmaps to the + specified path. 
The mounting path of configmap cannot be + repeated. + items: + properties: + configMapName: + description: name of configmap that needs to mount. + type: string + mountPath: + description: Current ConfigMap Mount Path. If MountConfigMapInfo + belongs to the same ConfigMapInfo, their MountPath + cannot be repeated. + type: string + type: object + type: array + resolveKey: + description: 'Deprecated: This configuration has been abandoned + and will be cleared in version 1.7.0. It is currently forced + to be ''fe.conf'', ''be.conf'', ''apache_hdfs_broker.conf'' + It is no longer effective. the configuration content will + not take effect.' + type: string + type: object + containerSecurityContext: + description: Security context for all containers running in the + pod (unless they override it). + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. 
Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. 
+ If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + envVars: + description: cnEnvVars is a slice of environment variables that + are added to the pods, the default is empty. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. 
If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + feAddress: + description: specify register fe addresses + properties: + ServiceName: + description: the service name that proxy fe on k8s. the service + must in same namespace with fe. + type: string + endpoints: + description: the fe addresses if not deploy by crd, user can + use k8s deploy fe observer. + properties: + :address: + description: the ip or domain array. + items: + type: string + type: array + port: + description: the fe port that for query. the field `query_port` + defines in fe config. + type: integer + type: object + type: object + hostAliases: + description: HostAliases is an optional list of hosts and IPs + that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. 
+ items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + image: + description: Image for a doris cn deployment. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of the + images used by this PodSpec. If specified, these secrets will + be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + nodeSelector: + additionalProperties: + type: string + description: (Optional) If specified, the pod's nodeSelector,displayName="Map + of nodeSelectors to match when scheduling pods on nodes" + type: object + persistentVolumes: + items: + description: PersistentVolume defines volume information and + container mount information. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotation for PVC pods. Users can adapt the + storage authentication and pv binding of the cloud platform + through configuration. It only takes effect in the first + configuration and cannot be added or modified later. + type: object + mountPath: + description: the mount path for component service. + type: string + name: + description: the volume name associate with + type: string + persistentVolumeClaimSpec: + description: PersistentVolumeClaimSpec is a list of claim + spec about storage that pods are required. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on + the contents of the specified data source. When the + AnyVolumeDataSource feature gate is enabled, dataSource + contents will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. 
If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is + specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace to + allow that namespace's owner to accept the reference. + See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the + status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + provisioner: + description: defines pvc provisioner + type: string + type: object + type: array + podLabels: + additionalProperties: + type: string + description: podLabels for user selector or classify pods + type: object + replicas: + description: Replicas is the number of desired cn Pod. + format: int32 + minimum: 0 + type: integer + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + securityContext: + description: Security context for pod. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. 
May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". 
+ type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. Note that this + field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + service: + description: 'expose doris components for accessing. example: + if you want to use `stream load` to load data into doris out + k8s, you can use be service and config different service type + for loading data.' + properties: + annotations: + additionalProperties: + type: string + description: Annotations for using function on different cloud + platform. + type: object + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. 
This field will be ignored if the cloud-provider + does not support the feature. This field was under-specified + and its meaning varies across implementations, and it cannot + support dual-stack. As of Kubernetes v1.24, users are encouraged + to use implementation-specific annotations when available. + This field may be removed in a future API version.' + type: string + servicePorts: + description: ServicePort config service for NodePort access + mode. + items: + description: DorisServicePort for ServiceType=NodePort situation. + properties: + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + need in 30000-32767' + format: int32 + type: integer + targetPort: + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + format: int32 + type: integer + type: object + type: array + type: + description: 'type of service,the possible value for the service + type are : ClusterIP, NodePort, LoadBalancer,ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + serviceAccount: + description: serviceAccount for cn access cloud service. + type: string + systemInitialization: + description: SystemInitialization for fe, be and cn setting system + parameters. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + initImage: + description: Image for doris initialization, default is selectdb/alpine:latest. + type: string + type: object + tolerations: + description: (Optional) Tolerations for scheduling pods onto some + dedicated nodes + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + required: + - image + type: object + brokerSpec: + description: defines the broker state that will be created by operator. + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. 
avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. 
The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: annotation for fe pods. user can config monitor annotation + for collect to monitor system. + type: object + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + configMapInfo: + description: the reference for cn configMap. + properties: + configMapName: + description: ConfigMapName mapped the configuration files + in the doris 'conf/' directory. such as 'fe.conf', 'be.conf'. + If HDFS access is involved, there may also be 'core-site.xml' + and other files. doris-operator mounts these configuration + files in the '/etc/doris' directory by default. links them + to the 'conf/' directory of the doris component through + soft links. + type: string + configMaps: + description: ConfigMaps can mount multiple configmaps to the + specified path. 
The mounting path of configmap cannot be + repeated. + items: + properties: + configMapName: + description: name of configmap that needs to mount. + type: string + mountPath: + description: Current ConfigMap Mount Path. If MountConfigMapInfo + belongs to the same ConfigMapInfo, their MountPath + cannot be repeated. + type: string + type: object + type: array + resolveKey: + description: 'Deprecated: This configuration has been abandoned + and will be cleared in version 1.7.0. It is currently forced + to be ''fe.conf'', ''be.conf'', ''apache_hdfs_broker.conf'' + It is no longer effective. the configuration content will + not take effect.' + type: string + type: object + containerSecurityContext: + description: Security context for all containers running in the + pod (unless they override it). + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. 
Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. 
+ If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + envVars: + description: cnEnvVars is a slice of environment variables that + are added to the pods, the default is empty. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. 
If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + feAddress: + description: specify register fe addresses + properties: + ServiceName: + description: the service name that proxy fe on k8s. the service + must in same namespace with fe. + type: string + endpoints: + description: the fe addresses if not deploy by crd, user can + use k8s deploy fe observer. + properties: + :address: + description: the ip or domain array. + items: + type: string + type: array + port: + description: the fe port that for query. the field `query_port` + defines in fe config. + type: integer + type: object + type: object + hostAliases: + description: HostAliases is an optional list of hosts and IPs + that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. 
+ items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + image: + description: Image for a doris cn deployment. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of the + images used by this PodSpec. If specified, these secrets will + be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + kickOffAffinityBe: + description: enable affinity with be , if kickoff affinity, the + operator will set affinity on broker with be. The affinity is + preferred not required. When the user custom affinity the switch + does not take effect anymore. + type: boolean + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + nodeSelector: + additionalProperties: + type: string + description: (Optional) If specified, the pod's nodeSelector,displayName="Map + of nodeSelectors to match when scheduling pods on nodes" + type: object + persistentVolumes: + items: + description: PersistentVolume defines volume information and + container mount information. + properties: + annotations: + additionalProperties: + type: string + description: Annotation for PVC pods. Users can adapt the + storage authentication and pv binding of the cloud platform + through configuration. It only takes effect in the first + configuration and cannot be added or modified later. + type: object + mountPath: + description: the mount path for component service. + type: string + name: + description: the volume name associate with + type: string + persistentVolumeClaimSpec: + description: PersistentVolumeClaimSpec is a list of claim + spec about storage that pods are required. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on + the contents of the specified data source. When the + AnyVolumeDataSource feature gate is enabled, dataSource + contents will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' 
+ properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. 
(Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is + specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace to + allow that namespace's owner to accept the reference. + See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the + status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. 
It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + provisioner: + description: defines pvc provisioner + type: string + type: object + type: array + podLabels: + additionalProperties: + type: string + description: podLabels for user selector or classify pods + type: object + replicas: + description: Replicas is the number of desired cn Pod. + format: int32 + minimum: 0 + type: integer + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + securityContext: + description: Security context for pod. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. 
May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". 
+ type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. Note that this + field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + service: + description: 'expose doris components for accessing. example: + if you want to use `stream load` to load data into doris out + k8s, you can use be service and config different service type + for loading data.' + properties: + annotations: + additionalProperties: + type: string + description: Annotations for using function on different cloud + platform. + type: object + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. 
This field will be ignored if the cloud-provider + does not support the feature. This field was under-specified + and its meaning varies across implementations, and it cannot + support dual-stack. As of Kubernetes v1.24, users are encouraged + to use implementation-specific annotations when available. + This field may be removed in a future API version.' + type: string + servicePorts: + description: ServicePort config service for NodePort access + mode. + items: + description: DorisServicePort for ServiceType=NodePort situation. + properties: + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + need in 30000-32767' + format: int32 + type: integer + targetPort: + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + format: int32 + type: integer + type: object + type: array + type: + description: 'type of service,the possible value for the service + type are : ClusterIP, NodePort, LoadBalancer,ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + serviceAccount: + description: serviceAccount for cn access cloud service. + type: string + systemInitialization: + description: SystemInitialization for fe, be and cn setting system + parameters. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + initImage: + description: Image for doris initialization, default is selectdb/alpine:latest. + type: string + type: object + tolerations: + description: (Optional) Tolerations for scheduling pods onto some + dedicated nodes + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + required: + - image + type: object + cnSpec: + description: defines the cn cluster state that will be created by + operator. + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. 
avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. 
The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: annotation for fe pods. user can config monitor annotation + for collect to monitor system. + type: object + autoScalingPolicy: + description: AutoScalingPolicy auto scaling strategy + properties: + hpaPolicy: + description: the policy of cn autoscale. operator use autoscaling + v2. + properties: + behavior: + description: HorizontalPodAutoscalerBehavior configures + the scaling behavior of the target. the struct copy + from k8s.io/api/autoscaling/v2beta2/types.go. the redundancy + code will hide the restriction about HorizontalPodAutoscaler + version and kubernetes releases matching issue. the + properties: + scaleDown: + description: scaleDown is scaling policy for scaling + Down. If not set, the default value is to allow + to scale down to minReplicas pods, with a 300 second + stabilization window (i.e., the highest recommendation + for the last 300sec is used). + properties: + policies: + description: policies is a list of potential scaling + polices which can be used during scaling. At + least one policy must be specified, otherwise + the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past + interval. + properties: + periodSeconds: + description: PeriodSeconds specifies the + window of time for which the policy should + hold true. 
PeriodSeconds must be greater + than zero and less than or equal to 1800 + (30 min). + format: int32 + type: integer + type: + description: Type is used to specify the + scaling policy. + type: string + value: + description: Value contains the amount of + change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + selectPolicy: + description: selectPolicy is used to specify which + policy should be used. If not set, the default + value MaxPolicySelect is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds is the + number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal + to 3600 (one hour). If not set, use the default + values: - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. the stabilization + window is 300 seconds long).' + format: int32 + type: integer + type: object + scaleUp: + description: 'scaleUp is scaling policy for scaling + Up. If not set, the default value is the higher + of: * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds No stabilization + is used.' + properties: + policies: + description: policies is a list of potential scaling + polices which can be used during scaling. At + least one policy must be specified, otherwise + the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past + interval. + properties: + periodSeconds: + description: PeriodSeconds specifies the + window of time for which the policy should + hold true. PeriodSeconds must be greater + than zero and less than or equal to 1800 + (30 min). 
+ format: int32 + type: integer + type: + description: Type is used to specify the + scaling policy. + type: string + value: + description: Value contains the amount of + change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + selectPolicy: + description: selectPolicy is used to specify which + policy should be used. If not set, the default + value MaxPolicySelect is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds is the + number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal + to 3600 (one hour). If not set, use the default + values: - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. the stabilization + window is 300 seconds long).' + format: int32 + type: integer + type: object + type: object + metrics: + description: Metrics specifies how to scale based on a + single metric the struct copy from k8s.io/api/autoscaling/v2beta2/types.go. + the redundancy code will hide the restriction about + HorizontalPodAutoscaler version and kubernetes releases + matching issue. the splice will have unsafe.Pointer + convert, so be careful to edit the struct fileds. + items: + description: MetricSpec specifies how to scale based + on a single metric (only `type` and one other matching + field should be set at once). + properties: + containerResource: + description: container resource refers to a resource + metric (such as those specified in requests and + limits) known to Kubernetes describing a single + container in each pod of the current scale target + (e.g. CPU or memory). Such metrics are built in + to Kubernetes, and have special scaling options + on top of those available to normal per-pod metrics + using the "pods" source. 
This is an alpha feature + and can be enabled by the HPAContainerMetrics + feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource + in question. + type: string + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: external refers to a global metric + that is not associated with any Kubernetes object. + It allows autoscaling based on information coming + from components running outside of cluster (for + example length of queue in cloud messaging service, + or QPS from loadbalancer running outside of cluster). 
+ properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given + metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: object refers to a metric describing + a single kubernetes object (for example, hits-per-second + on an Ingress object). + properties: + describedObject: + description: CrossVersionObjectReference contains + enough information to let you identify the + referred resource. 
+ properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: 'Kind of the referent; More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' + type: string + name: + description: 'Name of the referent; More + info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given + metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: pods refers to a metric describing + each pod in the current scale target (for example, + transactions-processed-per-second). The values + will be averaged together before being compared + to the target value. 
+ properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given + metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: resource refers to a resource metric + (such as those specified in requests and limits) + known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such + metrics are built in to Kubernetes, and have special + scaling options on top of those available to normal + per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource + in question. 
+ type: string + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented + as a percentage of the requested value + of the resource for the pods. Currently + only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: 'type is the type of metric source. It + should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to + a matching field in the object. Note: "ContainerResource" + type is available on when the feature-gate HPAContainerMetrics + is enabled' + type: string + required: + - type + type: object + type: array + type: object + maxReplicas: + description: the max numbers of target. + format: int32 + type: integer + minReplicas: + description: the min numbers of target. + format: int32 + type: integer + version: + default: v2 + description: version represents the autoscaler version for + cn service. 
only support v1,,v2 + type: string + type: object + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + configMapInfo: + description: the reference for cn configMap. + properties: + configMapName: + description: ConfigMapName mapped the configuration files + in the doris 'conf/' directory. such as 'fe.conf', 'be.conf'. + If HDFS access is involved, there may also be 'core-site.xml' + and other files. doris-operator mounts these configuration + files in the '/etc/doris' directory by default. links them + to the 'conf/' directory of the doris component through + soft links. + type: string + configMaps: + description: ConfigMaps can mount multiple configmaps to the + specified path. The mounting path of configmap cannot be + repeated. + items: + properties: + configMapName: + description: name of configmap that needs to mount. + type: string + mountPath: + description: Current ConfigMap Mount Path. If MountConfigMapInfo + belongs to the same ConfigMapInfo, their MountPath + cannot be repeated. + type: string + type: object + type: array + resolveKey: + description: 'Deprecated: This configuration has been abandoned + and will be cleared in version 1.7.0. It is currently forced + to be ''fe.conf'', ''be.conf'', ''apache_hdfs_broker.conf'' + It is no longer effective. the configuration content will + not take effect.' 
+ type: string + type: object + containerSecurityContext: + description: Security context for all containers running in the + pod (unless they override it). + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. 
+ type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. 
+ type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. 
This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + envVars: + description: cnEnvVars is a slice of environment variables that + are added to the pods, the default is empty. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + feAddress: + description: specify register fe addresses + properties: + ServiceName: + description: the service name that proxy fe on k8s. the service + must in same namespace with fe. + type: string + endpoints: + description: the fe addresses if not deploy by crd, user can + use k8s deploy fe observer. + properties: + :address: + description: the ip or domain array. + items: + type: string + type: array + port: + description: the fe port that for query. the field `query_port` + defines in fe config. + type: integer + type: object + type: object + hostAliases: + description: HostAliases is an optional list of hosts and IPs + that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + image: + description: Image for a doris cn deployment. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of the + images used by this PodSpec. If specified, these secrets will + be passed to individual puller implementations for them to use. 
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + nodeSelector: + additionalProperties: + type: string + description: (Optional) If specified, the pod's nodeSelector,displayName="Map + of nodeSelectors to match when scheduling pods on nodes" + type: object + persistentVolumes: + items: + description: PersistentVolume defines volume information and + container mount information. + properties: + annotations: + additionalProperties: + type: string + description: Annotation for PVC pods. Users can adapt the + storage authentication and pv binding of the cloud platform + through configuration. It only takes effect in the first + configuration and cannot be added or modified later. + type: object + mountPath: + description: the mount path for component service. + type: string + name: + description: the volume name associate with + type: string + persistentVolumeClaimSpec: + description: PersistentVolumeClaimSpec is a list of claim + spec about storage that pods are required. 
+ properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on + the contents of the specified data source. When the + AnyVolumeDataSource feature gate is enabled, dataSource + contents will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. 
For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is + specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace to + allow that namespace's owner to accept the reference. + See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the + status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. 
Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + provisioner: + description: defines pvc provisioner + type: string + type: object + type: array + podLabels: + additionalProperties: + type: string + description: podLabels for user selector or classify pods + type: object + replicas: + description: Replicas is the number of desired cn Pod. + format: int32 + minimum: 0 + type: integer + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + securityContext: + description: Security context for pod. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. 
This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. 
Note that this + field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. 
+ type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + service: + description: 'expose doris components for accessing. example: + if you want to use `stream load` to load data into doris out + k8s, you can use be service and config different service type + for loading data.' + properties: + annotations: + additionalProperties: + type: string + description: Annotations for using function on different cloud + platform. + type: object + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. This field was under-specified + and its meaning varies across implementations, and it cannot + support dual-stack. As of Kubernetes v1.24, users are encouraged + to use implementation-specific annotations when available. + This field may be removed in a future API version.' + type: string + servicePorts: + description: ServicePort config service for NodePort access + mode. + items: + description: DorisServicePort for ServiceType=NodePort situation. + properties: + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. 
This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + need in 30000-32767' + format: int32 + type: integer + targetPort: + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + format: int32 + type: integer + type: object + type: array + type: + description: 'type of service,the possible value for the service + type are : ClusterIP, NodePort, LoadBalancer,ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + serviceAccount: + description: serviceAccount for cn access cloud service. + type: string + systemInitialization: + description: SystemInitialization for fe, be and cn setting system + parameters. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + initImage: + description: Image for doris initialization, default is selectdb/alpine:latest. + type: string + type: object + tolerations: + description: (Optional) Tolerations for scheduling pods onto some + dedicated nodes + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . 
+ properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + required: + - image + type: object + feSpec: + description: defines the fe cluster state that will be created by + operator. + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. 
+ co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. 
The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: annotation for fe pods. user can config monitor annotation + for collect to monitor system. + type: object + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + configMapInfo: + description: the reference for cn configMap. + properties: + configMapName: + description: ConfigMapName mapped the configuration files + in the doris 'conf/' directory. such as 'fe.conf', 'be.conf'. + If HDFS access is involved, there may also be 'core-site.xml' + and other files. doris-operator mounts these configuration + files in the '/etc/doris' directory by default. links them + to the 'conf/' directory of the doris component through + soft links. + type: string + configMaps: + description: ConfigMaps can mount multiple configmaps to the + specified path. The mounting path of configmap cannot be + repeated. + items: + properties: + configMapName: + description: name of configmap that needs to mount. + type: string + mountPath: + description: Current ConfigMap Mount Path. If MountConfigMapInfo + belongs to the same ConfigMapInfo, their MountPath + cannot be repeated. + type: string + type: object + type: array + resolveKey: + description: 'Deprecated: This configuration has been abandoned + and will be cleared in version 1.7.0. It is currently forced + to be ''fe.conf'', ''be.conf'', ''apache_hdfs_broker.conf'' + It is no longer effective. the configuration content will + not take effect.' + type: string + type: object + containerSecurityContext: + description: Security context for all containers running in the + pod (unless they override it). + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' 
+ type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. 
If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. 
Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. 
Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + electionNumber: + description: the number of fe in election. electionNumber <= replicas, + left as observers. default value=3 + format: int32 + type: integer + envVars: + description: cnEnvVars is a slice of environment variables that + are added to the pods, the default is empty. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + feAddress: + description: specify register fe addresses + properties: + ServiceName: + description: the service name that proxy fe on k8s. the service + must in same namespace with fe. + type: string + endpoints: + description: the fe addresses if not deploy by crd, user can + use k8s deploy fe observer. + properties: + :address: + description: the ip or domain array. + items: + type: string + type: array + port: + description: the fe port that for query. the field `query_port` + defines in fe config. + type: integer + type: object + type: object + hostAliases: + description: HostAliases is an optional list of hosts and IPs + that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + image: + description: Image for a doris cn deployment. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of the + images used by this PodSpec. If specified, these secrets will + be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. 
+ properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + nodeSelector: + additionalProperties: + type: string + description: (Optional) If specified, the pod's nodeSelector,displayName="Map + of nodeSelectors to match when scheduling pods on nodes" + type: object + persistentVolumes: + items: + description: PersistentVolume defines volume information and + container mount information. + properties: + annotations: + additionalProperties: + type: string + description: Annotation for PVC pods. Users can adapt the + storage authentication and pv binding of the cloud platform + through configuration. It only takes effect in the first + configuration and cannot be added or modified later. + type: object + mountPath: + description: the mount path for component service. + type: string + name: + description: the volume name associate with + type: string + persistentVolumeClaimSpec: + description: PersistentVolumeClaimSpec is a list of claim + spec about storage that pods are required. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on + the contents of the specified data source. When the + AnyVolumeDataSource feature gate is enabled, dataSource + contents will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. 
For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is + specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace to + allow that namespace's owner to accept the reference. + See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the + status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. 
Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + provisioner: + description: defines pvc provisioner + type: string + type: object + type: array + podLabels: + additionalProperties: + type: string + description: podLabels for user selector or classify pods + type: object + replicas: + description: Replicas is the number of desired cn Pod. + format: int32 + minimum: 0 + type: integer + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + securityContext: + description: Security context for pod. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. 
This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. 
Note that this + field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. 
+ type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + service: + description: 'expose doris components for accessing. example: + if you want to use `stream load` to load data into doris out + k8s, you can use be service and config different service type + for loading data.' + properties: + annotations: + additionalProperties: + type: string + description: Annotations for using function on different cloud + platform. + type: object + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. This field was under-specified + and its meaning varies across implementations, and it cannot + support dual-stack. As of Kubernetes v1.24, users are encouraged + to use implementation-specific annotations when available. + This field may be removed in a future API version.' + type: string + servicePorts: + description: ServicePort config service for NodePort access + mode. + items: + description: DorisServicePort for ServiceType=NodePort situation. + properties: + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. 
This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + need in 30000-32767' + format: int32 + type: integer + targetPort: + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + format: int32 + type: integer + type: object + type: array + type: + description: 'type of service,the possible value for the service + type are : ClusterIP, NodePort, LoadBalancer,ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + serviceAccount: + description: serviceAccount for cn access cloud service. + type: string + systemInitialization: + description: SystemInitialization for fe, be and cn setting system + parameters. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + initImage: + description: Image for doris initialization, default is selectdb/alpine:latest. + type: string + type: object + tolerations: + description: (Optional) Tolerations for scheduling pods onto some + dedicated nodes + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . 
+ properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + required: + - image + type: object + type: object + status: + description: DorisClusterStatus defines the observed state of DorisCluster + properties: + beStatus: + description: describe be cluster status, recode running, creating + and failed pods. + properties: + accessService: + description: DorisComponentStatus represents the status of a doris + component. the name of fe service exposed for user. + type: string + componentCondition: + properties: + lastTransitionTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + phase: + description: Phase of statefulset condition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + subResourceName: + type: string + required: + - lastTransitionTime + - message + - phase + - reason + type: object + creatingInstances: + description: CreatingInstances in creating pod names. + items: + type: string + type: array + failedInstances: + description: FailedInstances failed pod names. + items: + type: string + type: array + runningInstances: + description: RunningInstances in running status pod names. + items: + type: string + type: array + required: + - componentCondition + type: object + brokerStatus: + description: describe broker cluster status, record running, creating + and failed pods. + properties: + accessService: + description: DorisComponentStatus represents the status of a doris + component. the name of fe service exposed for user. + type: string + componentCondition: + properties: + lastTransitionTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + phase: + description: Phase of statefulset condition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + subResourceName: + type: string + required: + - lastTransitionTime + - message + - phase + - reason + type: object + creatingInstances: + description: CreatingInstances in creating pod names. + items: + type: string + type: array + failedInstances: + description: FailedInstances failed pod names. + items: + type: string + type: array + runningInstances: + description: RunningInstances in running status pod names. + items: + type: string + type: array + required: + - componentCondition + type: object + cnStatus: + description: describe cn cluster status, record running, creating + and failed pods. 
+ properties: + accessService: + description: DorisComponentStatus represents the status of a doris + component. the name of fe service exposed for user. + type: string + componentCondition: + properties: + lastTransitionTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + phase: + description: Phase of statefulset condition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + subResourceName: + type: string + required: + - lastTransitionTime + - message + - phase + - reason + type: object + creatingInstances: + description: CreatingInstances in creating pod names. + items: + type: string + type: array + failedInstances: + description: FailedInstances failed pod names. + items: + type: string + type: array + horizontalScaler: + description: HorizontalAutoscaler have the autoscaler information. + properties: + name: + description: the deploy horizontal scaler name + type: string + version: + description: the deploy horizontal version. + type: string + type: object + runningInstances: + description: RunningInstances in running status pod names. + items: + type: string + type: array + required: + - componentCondition + type: object + feStatus: + description: describe fe cluster status, record running, creating + and failed pods. + properties: + accessService: + description: DorisComponentStatus represents the status of a doris + component. the name of fe service exposed for user. + type: string + componentCondition: + properties: + lastTransitionTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + phase: + description: Phase of statefulset condition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + subResourceName: + type: string + required: + - lastTransitionTime + - message + - phase + - reason + type: object + creatingInstances: + description: CreatingInstances in creating pod names. + items: + type: string + type: array + failedInstances: + description: FailedInstances failed pod names. + items: + type: string + type: array + runningInstances: + description: RunningInstances in running status pod names. + items: + type: string + type: array + required: + - componentCondition + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/test/resource/doris/doriscluster-sample-storageclass.yaml b/test/resource/doris/doriscluster-sample-storageclass.yaml new file mode 100644 index 0000000..16041b4 --- /dev/null +++ b/test/resource/doris/doriscluster-sample-storageclass.yaml 
@@ -0,0 +1,72 @@
+# This yaml describe using `storageclass` to provide persistentVolume for fe and be.
+# This yaml use default `storageclass` on kubernetes. when use specific storageclass please update then field of storageClassName.
+apiVersion: doris.selectdb.com/v1
+kind: DorisCluster
+metadata:
+ labels:
+ app.kubernetes.io/name: doriscluster
+ app.kubernetes.io/instance: doriscluster-sample-storageclass
+ app.kubernetes.io/part-of: doris-operator
+ name: doriscluster-sample-storageclass1
+spec:
+ feSpec:
+ replicas: 1
+ image: selectdb/doris.fe-ubuntu:2.1.1
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ persistentVolumes:
+ - mountPath: /opt/apache-doris/fe/doris-meta
+ name: fetest
+ persistentVolumeClaimSpec:
+ # when use specific storageclass, the storageClassName should reConfig, example as annotation.
+ #storageClassName: openebs-jiva-csi-default
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ # notice: if the storage size less 5G, fe will not start normal.
+ requests:
+ storage: 10Gi
+ - mountPath: /opt/apache-doris/fe/log
+ name: felog
+ persistentVolumeClaimSpec:
+ # when use specific storageclass, the storageClassName should reConfig, example as annotation.
+ #storageClassName: openebs-jiva-csi-default
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ beSpec:
+ replicas: 1
+ image: selectdb/doris.be-ubuntu:2.1.1
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ persistentVolumes:
+ - mountPath: /opt/apache-doris/be/storage
+ name: betest
+ persistentVolumeClaimSpec:
+ # when use specific storageclass, the storageClassName should reConfig, example as annotation.
+ #storageClassName: openebs-jiva-csi-default
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ - mountPath: /opt/apache-doris/be/log
+ name: belog
+ persistentVolumeClaimSpec:
+ # when use specific storageclass, the storageClassName should reConfig, example as annotation.
+ #storageClassName: openebs-jiva-csi-default
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/test/resource/doris/kafka-load.sql b/test/resource/doris/kafka-load.sql
new file mode 100644
index 0000000..88fcaaa
--- /dev/null
+++ b/test/resource/doris/kafka-load.sql
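Review bot: In doriscluster-sample-storageclass.yaml the `DorisCluster` spec sets no admin credentials, so as far as this manifest shows the FE starts with Doris's default `root` account and an empty password, usable by any pod that can reach the FE service. Even for a test fixture it is worth either setting the operator's `adminUser` / `authSecret` fields (confirm the names against the CRD version added in this commit) or adding a comment above `feSpec:` such as `# test-only: FE runs with the default passwordless root account; do not reuse outside CI`. Separately, the label `app.kubernetes.io/instance: doriscluster-sample-storageclass` does not match `name: doriscluster-sample-storageclass1`, and delete_chain.sh hard-codes PVC names derived from the latter together with the volume names `fetest`, `felog`, `betest` and `belog`; a one-line comment tying the two files together would keep a rename from leaving PVCs behind.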
@@ -0,0 +1,202 @@
+# 创建数据库
+CREATE DATABASE citacloud;
+# 使用数据库
+USE citacloud;
+# 创建各种表
+CREATE TABLE IF NOT EXISTS citacloud.blocks(
+ height BIGINT,
+ block_hash VARCHAR(64),
+ prev_hash VARCHAR(64),
+ proof VARCHAR,
+ proposer VARCHAR(40),
+ state_root VARCHAR(64),
+ timestamp BIGINT,
+ transaction_root VARCHAR(64),
+ tx_count INT,
+ version INT)
+DISTRIBUTED BY HASH(`height`) BUCKETS 1
+PROPERTIES (
+ "replication_allocation" = "tag.location.default: 1"
+);
+
+CREATE TABLE IF NOT EXISTS citacloud.txs
+(
+ `height` BIGINT,
+ `index` INT,
+ `tx_hash` VARCHAR(64),
+ `data` VARCHAR,
+ `nonce` VARCHAR(128),
+ `quota` BIGINT,
+ `to` VARCHAR(40),
+ `valid_until_block` BIGINT,
+ `value` VARCHAR(64),
+ `version` INT,
+ -- witness begin
+ `sender` VARCHAR(40),
+ `signature` VARCHAR(256),
+ -- witness end
+ INDEX idx_height(height) USING INVERTED,
+ INDEX idx_tx_hash(tx_hash) USING INVERTED
+)
+DISTRIBUTED BY HASH(`tx_hash`) BUCKETS 1
+PROPERTIES (
+ "replication_allocation" = "tag.location.default: 1"
+);
+
+CREATE TABLE IF NOT EXISTS citacloud.utxos
+(
+ `height` BIGINT,
+ `index` INT,
+ `tx_hash` VARCHAR(64),
+ `lock_id` INT,
+ `output` VARCHAR,
+ `pre_tx_hash` VARCHAR(66),
+ `version` INT,
+ -- witness begin
+ `sender` VARCHAR(40),
+ `signature` VARCHAR(256),
+ -- witness end
+ INDEX idx_height(height) USING INVERTED,
+ INDEX idx_tx_hash(tx_hash) USING INVERTED
+)
+DISTRIBUTED BY HASH(`tx_hash`) BUCKETS 1
+PROPERTIES (
+ "replication_allocation" = "tag.location.default: 1"
+);
+
+CREATE TABLE IF NOT EXISTS citacloud.receipts
+(
+ `height` BIGINT,
+ `index` INT,
+ `contract_addr` VARCHAR(40),
+ `cumulative_quota_used` VARCHAR(64),
+ `quota_used` VARCHAR(64),
+ `error_msg` VARCHAR,
+ `logs_bloom` VARCHAR(512),
+ `tx_hash` VARCHAR(64),
+ INDEX idx_height(height) USING INVERTED,
+ INDEX idx_tx_hash(tx_hash) USING INVERTED
+)
+DISTRIBUTED BY HASH(`tx_hash`) BUCKETS 1
+PROPERTIES (
+ "replication_allocation" = "tag.location.default: 1"
+);
+
+CREATE TABLE IF NOT EXISTS citacloud.logs
+(
+ `address` VARCHAR(40),
+ -- at most 4 topic: 256 + 32
+ `topics` VARCHAR(288),
+ `data` VARCHAR,
+ `height` BIGINT,
+ `log_index` INT,
+ `tx_log_index` INT,
+ `tx_hash` VARCHAR(64),
+)
+DISTRIBUTED BY HASH(`tx_hash`) BUCKETS 1
+PROPERTIES (
+ "replication_allocation" = "tag.location.default: 1"
+);
+
+CREATE TABLE IF NOT EXISTS citacloud.systemconfig
+(
+ `height` BIGINT,
+ `admin` VARCHAR(40),
+ `block_interval` INT,
+ `block_limit` INT,
+ `chain_id` VARCHAR(64),
+ `emergency_brake` BOOLEAN,
+ `quota_limit` BIGINT,
+ `validators` VARCHAR,
+ `version` INT,
+ INDEX idx_height(height) USING INVERTED
+)
+DISTRIBUTED BY HASH(`height`) BUCKETS 1
+PROPERTIES (
+ "replication_allocation" = "tag.location.default: 1"
+);
+
+# 创建导出任务
+CREATE ROUTINE LOAD citacloud.example_routine_load_blocks_json ON blocks
+PROPERTIES
+(
+ "desired_concurrent_number"="1",
+ "format" = "json",
+ "strict_mode" = "false"
+)
+FROM KAFKA(
+ "kafka_broker_list" = "my-cluster-kafka-bootstrap:9092",
+ "kafka_topic" = "cita-cloud.xxxxxx.blocks",
+ "kafka_partitions" = "0",
+ "property.kafka_default_offsets" = "OFFSET_BEGINNING"
+);
+
+CREATE ROUTINE LOAD citacloud.example_routine_load_txs_json ON txs
+PROPERTIES
+(
+ "desired_concurrent_number"="1",
+ "format" = "json",
+ "strict_mode" = "false"
+)
+FROM KAFKA(
+ "kafka_broker_list" = "my-cluster-kafka-bootstrap:9092",
+ "kafka_topic" = "cita-cloud.xxxxxx.txs",
+ "kafka_partitions" = "0",
+ "property.kafka_default_offsets" = "OFFSET_BEGINNING"
+);
+
+CREATE ROUTINE LOAD citacloud.example_routine_load_utxos_json ON utxos
+PROPERTIES
+(
+ "desired_concurrent_number"="1",
+ "format" = "json",
+ "strict_mode" = "false"
+)
+FROM KAFKA(
+ "kafka_broker_list" = "my-cluster-kafka-bootstrap:9092",
+ "kafka_topic" = "cita-cloud.xxxxxx.utxos",
+ "kafka_partitions" = "0",
+ "property.kafka_default_offsets" = "OFFSET_BEGINNING"
+);
+
+CREATE ROUTINE LOAD citacloud.example_routine_load_receipts_json ON receipts
+PROPERTIES
+(
+ "desired_concurrent_number"="1",
+ "format" = "json",
+ "strict_mode" = "false"
+)
+FROM KAFKA(
+ "kafka_broker_list" = "my-cluster-kafka-bootstrap:9092",
+ "kafka_topic" = "cita-cloud.xxxxxx.receipts",
+ "kafka_partitions" = "0",
+ "property.kafka_default_offsets" = "OFFSET_BEGINNING"
+);
+
+CREATE ROUTINE LOAD citacloud.example_routine_load_logs_json ON logs
+PROPERTIES
+(
+ "desired_concurrent_number"="1",
+ "format" = "json",
+ "strict_mode" = "false"
+)
+FROM KAFKA(
+ "kafka_broker_list" = "my-cluster-kafka-bootstrap:9092",
+ "kafka_topic" = "cita-cloud.xxxxxx.logs",
+ "kafka_partitions" = "0",
+ "property.kafka_default_offsets" = "OFFSET_BEGINNING"
+);
+
+CREATE ROUTINE LOAD citacloud.example_routine_load_systemconfig_json ON systemconfig
+PROPERTIES
+(
+ "desired_concurrent_number"="1",
+ "format" = "json",
+ "strict_mode" = "false"
+)
+FROM KAFKA(
+ "kafka_broker_list" = "my-cluster-kafka-bootstrap:9092",
+ "kafka_topic" = "cita-cloud.xxxxxx.system-config",
+ "kafka_partitions" = "0",
+ "property.kafka_default_offsets" = "OFFSET_BEGINNING"
+);
\ No newline at end of file
diff --git a/test/resource/doris/operator.yaml b/test/resource/doris/operator.yaml
new file mode 100644
index 0000000..aaa18e3
--- /dev/null
+++ b/test/resource/doris/operator.yaml
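Review bot: kafka-load.sql cannot be run twice against the same Doris instance: `CREATE DATABASE citacloud;` and the six `CREATE ROUTINE LOAD` statements have no existence guard, while every `CREATE TABLE` uses `IF NOT EXISTS`. `CREATE DATABASE IF NOT EXISTS citacloud;` fixes the first statement; the routine loads need either a guard in the calling script or a documented clean-up step. The `logs` table also ends its column list with a trailing comma after the `tx_hash` column, which is worth confirming the target Doris version accepts. Each job sets `"strict_mode" = "false"`, which as I understand Doris loads rows that fail type conversion with NULLs instead of rejecting them, so a header comment should say that this is intentional and that the `xxxxxx` topic segment is a placeholder (presumably substituted by the test harness).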
@@ -0,0 +1,481 @@ +# permissions to do leader election. +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: doris-operator + app.kubernetes.io/name: namespace + app.kubernetes.io/instance: doris + app.kubernetes.io/component: doris-operator + app.kubernetes.io/part-of: doris-operator + name: doris +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: role + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: doris-operator + app.kubernetes.io/part-of: doris-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-role + namespace: xxxxxx +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: rolebinding + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: doris-operator + app.kubernetes.io/part-of: doris-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-rolebinding + namespace: xxxxxx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: + - kind: ServiceAccount + name: doris-operator + namespace: xxxxxx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: doris-operator +rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get + - apiGroups: + - 
autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - update + - list + - watch + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - mutatingwebhookconfigurations + verbs: + - get + - update + - list + - watch + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - validatingwebhookconfigurations + verbs: + - get + - update + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - doris.selectdb.com + resources: + - dorisclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - doris.selectdb.com + resources: + - dorisclusters/finalizers + verbs: + - update + - apiGroups: + - doris.selectdb.com + resources: + - dorisclusters/status + verbs: + - get + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: clusterrolebinding + 
app.kubernetes.io/instance: doris-operator-rolebinding + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: doris-operator + app.kubernetes.io/part-of: doris-operator + app.kubernetes.io/managed-by: kustomize + name: doris-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: doris-operator +subjects: + - kind: ServiceAccount + name: doris-operator + namespace: xxxxxx +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/instance: controller-doris-operator-sa + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: doris-operator + app.kubernetes.io/part-of: doris-operator + app.kubernetes.io/managed-by: kustomize + name: doris-operator + namespace: xxxxxx +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: doris-operator-validate-webhook +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: doris-operator-service + namespace: xxxxxx + path: /validate-doris-selectdb-com-v1-doriscluster + failurePolicy: Ignore + name: vdoriscluster.kb.io + rules: + - apiGroups: + - doris.selectdb.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - dorisclusters + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + name: doris-operator-mutate-webhook +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: doris-operator-service + namespace: xxxxxx + path: /mutate-doris-selectdb-com-v1-doriscluster + failurePolicy: Ignore + name: mdoriscluster.kb.io + rules: + - apiGroups: + - doris.selectdb.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - dorisclusters + sideEffects: None +--- +apiVersion: v1 +kind: Secret +metadata: + name: doris-operator-secret-cert + namespace: 
xxxxxx + labels: + control-plane: doris-operator + app.kubernetes.io/instance: doris-operator +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/created-by: doris-operator + app.kubernetes.io/part-of: doris-operator + name: doris-operator-service + namespace: xxxxxx +spec: + ports: + - name: https + port: 443 + targetPort: 9443 + selector: + control-plane: doris-operator + app.kubernetes.io/name: deployment + app.kubernetes.io/instance: doris-operator + app.kubernetes.io/created-by: doris-operator + app.kubernetes.io/part-of: doris-operator +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: doris-operator + namespace: xxxxxx + labels: + control-plane: doris-operator + app.kubernetes.io/name: deployment + app.kubernetes.io/instance: doris-operator + app.kubernetes.io/created-by: doris-operator + app.kubernetes.io/part-of: doris-operator +spec: + selector: + matchLabels: + control-plane: doris-operator + replicas: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: doris-operator + labels: + control-plane: doris-operator + app.kubernetes.io/name: deployment + app.kubernetes.io/instance: doris-operator + app.kubernetes.io/created-by: doris-operator + app.kubernetes.io/part-of: doris-operator + spec: + # TODO(user): Uncomment the following code to configure the nodeAffinity expression + # according to the platforms which are supported by your solution. + # It is considered best practice to support multiple architectures. You can + # build your manager image using the makefile target docker-buildx. 
+ # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + # - arm64 + # - ppc64le + # - s390x + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + securityContext: + runAsNonRoot: true + # TODO(user): For common cases that do not require escalating privileges + # it is recommended to ensure that all your Pods/Containers are restrictive. + # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + # Please uncomment the following code if your project does NOT have to work on old Kubernetes + # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). + # seccompProfile: + # type: RuntimeDefault + containers: + - command: + - /dorisoperator + args: + - --leader-elect + image: selectdb/doris.k8s-operator:latest + imagePullPolicy: Always + name: dorisoperator + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + env: + - name: ENABLE_WEBHOOK + value: "false" + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SERVICE_NAME + value: doris-operator-service + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. 
+ # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources:
+ limits:
+ cpu: "2"
+ memory: 4Gi
+ requests:
+ cpu: "1"
+ memory: 2Gi
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: doris-operator-secret-cert
+ serviceAccountName: doris-operator
+ terminationGracePeriodSeconds: 10
diff --git a/test/resource/kafka/kafka-bridge.yaml b/test/resource/kafka/kafka-bridge.yaml
new file mode 100644
index 0000000..5156348
--- /dev/null
+++ b/test/resource/kafka/kafka-bridge.yaml
@@ -0,0 +1,9 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaBridge
+metadata:
+ name: my-bridge
+spec:
+ replicas: 1
+ bootstrapServers: my-cluster-kafka-bootstrap:9092
+ http:
+ port: 8080
\ No newline at end of file
diff --git a/test/resource/kafka/kafka-single-node.yaml b/test/resource/kafka/kafka-single-node.yaml
new file mode 100644
index 0000000..5c7a0af
--- /dev/null
+++ b/test/resource/kafka/kafka-single-node.yaml
@@ -0,0 +1,50 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaNodePool
+metadata:
+ name: dual-role
+ labels:
+ strimzi.io/cluster: my-cluster
+spec:
+ replicas: 1
+ roles:
+ - controller
+ - broker
+ storage:
+ type: jbod
+ volumes:
+ - id: 0
+ type: persistent-claim
+ size: 100Gi
+ deleteClaim: false
+ kraftMetadata: shared
+---
+
+apiVersion: kafka.strimzi.io/v1beta2
+kind: Kafka
+metadata:
+ name: my-cluster
+ annotations:
+ strimzi.io/node-pools: enabled
+ strimzi.io/kraft: enabled
+spec:
+ kafka:
+ version: 3.7.0
+ metadataVersion: 3.7-IV4
+ listeners:
+ - name: plain
+ port: 9092
+ type: internal
+ tls: false
+ - name: tls
+ port: 9093
+ type: internal
+ tls: true
+ config:
+ offsets.topic.replication.factor: 1
+ transaction.state.log.replication.factor: 1
+ transaction.state.log.min.isr: 1
+ default.replication.factor: 1
+ min.insync.replicas: 1
+ entityOperator:
+ topicOperator: {}
+ userOperator: {}
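Review bot: In operator.yaml the Deployment pulls `selectdb/doris.k8s-operator:latest` with `imagePullPolicy: Always`, and the pod runs as the `doris-operator` service account, whose ClusterRole grants get/list/watch/update on `secrets` and on both webhook configuration kinds, plus create/delete on `clusterrolebindings` and `rolebindings`, cluster-wide. Whatever the tag resolves to at pull time therefore runs with those rights, so pin the image the way the sample cluster pins `2.1.1`, for example `image: selectdb/doris.k8s-operator:<version>@sha256:<digest>` (placeholders; take the values from the release under test). If the test cluster is shared with other workloads, it is also worth trimming the `secrets` and `clusterrolebindings` rules to what the operator needs here, and uncommenting the `seccompProfile` / `type: RuntimeDefault` lines already present in the pod `securityContext`. Note too that the `Namespace` object is named `doris` while every other namespaced object uses the `xxxxxx` placeholder.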
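Review bot: In kafka-single-node.yaml the `plain` listener on 9092 has `tls: false` and neither listener declares an `authentication` block, and it is this listener that kafka-bridge.yaml (`bootstrapServers: my-cluster-kafka-bootstrap:9092`) and the routine loads in kafka-load.sql connect to. Any pod that can reach the bootstrap service or the bridge's HTTP port 8080 can therefore write to the `cita-cloud.*` topics that Doris ingests. For a CI-only fixture a comment above `listeners:` such as `# test-only: unauthenticated plaintext listener; the namespace must not be shared` is enough; otherwise point the bridge at 9093 and add listener authentication. `deleteClaim: false` on the 100Gi volume also means the PVC outlives the cluster unless delete_chain.sh removes it, which it currently does by a hard-coded name.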
diff --git a/test/resource/kafka/strimzi.yaml b/test/resource/kafka/strimzi.yaml
new file mode 100644
index 0000000..9981d8a
--- /dev/null
+++ b/test/resource/kafka/strimzi.yaml
@@ -0,0 +1,20851 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkanodepools.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaNodePool + listKind: KafkaNodePoolList + singular: kafkanodepool + plural: kafkanodepools + shortNames: + - knp + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + labelSelectorPath: .status.labelSelector + additionalPrinterColumns: + - name: Desired replicas + description: The desired number of replicas + jsonPath: .spec.replicas + type: integer + - name: Roles + description: Roles of the nodes in the pool + jsonPath: .status.roles + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + replicas: + type: integer + minimum: 0 + description: The number of pods in the pool. + storage: + type: object + properties: + class: + type: string + description: The storage class to use for dynamic volume allocation. 
+ deleteClaim: + type: boolean + description: >- + Specifies if the persistent volume claim has to be + deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: >- + Storage identification number. It is mandatory only for + storage volumes defined in a storage of type 'jbod'. + kraftMetadata: + type: string + enum: + - shared + description: >- + Specifies whether this volume should be used for storing + KRaft metadata. This property is optional. When set, the + only currently supported value is `shared`. At most one + volume can have this property set. + overrides: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: >- + Overrides for individual brokers. The `overrides` field + allows to specify a different configuration for + different brokers. + selector: + additionalProperties: + type: string + type: object + description: >- + Specifies a specific persistent volume to use. It + contains key:value pairs representing labels for + selecting such a volume. + size: + type: string + description: >- + When `type=persistent-claim`, defines the size of the + persistent volume claim, such as 100Gi. Mandatory when + `type=persistent-claim`. + sizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + When type=ephemeral, defines the total amount of local + storage required for this EmptyDir volume (for example + 1Gi). + type: + type: string + enum: + - ephemeral + - persistent-claim + - jbod + description: >- + Storage type, must be either 'ephemeral', + 'persistent-claim', or 'jbod'. + volumes: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation. 
+ deleteClaim: + type: boolean + description: >- + Specifies if the persistent volume claim has to be + deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: >- + Storage identification number. Mandatory for + storage volumes defined with a `jbod` storage type + configuration. + kraftMetadata: + type: string + enum: + - shared + description: >- + Specifies whether this volume should be used for + storing KRaft metadata. This property is optional. + When set, the only currently supported value is + `shared`. At most one volume can have this + property set. + overrides: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: >- + Overrides for individual brokers. The `overrides` + field allows to specify a different configuration + for different brokers. + selector: + additionalProperties: + type: string + type: object + description: >- + Specifies a specific persistent volume to use. It + contains key:value pairs representing labels for + selecting such a volume. + size: + type: string + description: >- + When `type=persistent-claim`, defines the size of + the persistent volume claim, such as 100Gi. + Mandatory when `type=persistent-claim`. + sizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + When type=ephemeral, defines the total amount of + local storage required for this EmptyDir volume + (for example 1Gi). + type: + type: string + enum: + - ephemeral + - persistent-claim + description: >- + Storage type, must be either 'ephemeral' or + 'persistent-claim'. + required: + - type + description: >- + List of volumes as Storage objects representing the JBOD + disks array. + required: + - type + description: Storage configuration (disk). Cannot be updated. 
+ roles: + type: array + items: + type: string + enum: + - controller + - broker + description: >- + The roles that the nodes in this pool will have when KRaft + mode is enabled. Supported values are 'broker' and + 'controller'. This field is required. When KRaft mode is + disabled, the only allowed value if `broker`. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for pods. 
+ template: + type: object + properties: + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka `StrimziPodSet` resource. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. 
+ securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. Defaults to 30 seconds. 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + 
type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + 
items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. 
If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services should + be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + description: Template for Kafka `Pods`. + perPodService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: >- + Template for Kafka per-pod `Services` used for access + from outside of Kubernetes. + perPodRoute: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: >- + Template for Kafka per-pod `Routes` used for access from + outside of OpenShift. + perPodIngress: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: >- + Template for Kafka per-pod `Ingress` used for access + from outside of Kubernetes. + persistentVolumeClaim: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for all Kafka `PersistentVolumeClaims`. + kafkaContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. 
+ description: Template for the Kafka broker container. + initContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka init container. + description: >- + Template for pool resources. The template allows users to + specify how the resources belonging to this pool are + generated. + required: + - replicas + - storage + - roles + description: The specification of the KafkaNodePool. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. 
+ lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + nodeIds: + type: array + items: + type: integer + description: Node IDs used by Kafka nodes in this pool. + clusterId: + type: string + description: Kafka cluster ID. + roles: + type: array + items: + type: string + enum: + - controller + - broker + description: The roles currently assigned to this pool. + replicas: + type: integer + description: >- + The current number of pods being used to provide this + resource. + labelSelector: + type: string + description: Label selector for pods providing this resource. + description: The status of the KafkaNodePool. 
+ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi + namespace: xxxxxx +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: xxxxxx +roleRef: + kind: ClusterRole + name: strimzi-cluster-operator-namespaced + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkausers.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaUser + listKind: KafkaUserList + singular: kafkauser + plural: kafkausers + shortNames: + - ku + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this user belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Authentication + description: How the user is authenticated + jsonPath: .spec.authentication.type + type: string + - name: Authorization + description: How the user is authorised + jsonPath: .spec.authorization.type + type: string + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + authentication: + type: object + properties: + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Selects a key of a Secret in the resource's + namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: >- + Specify the password for the user. If not set, a new + password is generated by the User Operator. + type: + type: string + enum: + - tls + - tls-external + - scram-sha-512 + description: Authentication type. + required: + - type + description: >- + Authentication mechanism enabled for this Kafka user. The + supported authentication mechanisms are `scram-sha-512`, + `tls`, and `tls-external`. + + + * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 + credentials. + + * `tls` generates a secret with user certificate for mutual + TLS authentication. + + * `tls-external` does not generate a user certificate. But + prepares the user for using mutual TLS authentication using + a user certificate generated outside the User Operator. + ACLs and quotas set for this user are configured in the `CN=` format. + + Authentication is optional. If authentication is not + configured, no credentials are generated. ACLs and quotas + set for the user are configured in the `` format + suitable for SASL authentication. + authorization: + type: object + properties: + acls: + type: array + items: + type: object + properties: + type: + type: string + enum: + - allow + - deny + description: >- + The type of the rule. Currently the only supported + type is `allow`. 
ACL rules with type `allow` are + used to allow user to execute the specified + operations. Default value is `allow`. + resource: + type: object + properties: + name: + type: string + description: >- + Name of resource for which given ACL rule + applies. Can be combined with `patternType` + field to use prefix pattern. + patternType: + type: string + enum: + - literal + - prefix + description: >- + Describes the pattern used in the resource + field. The supported types are `literal` and + `prefix`. With `literal` pattern type, the + resource field will be used as a definition of + a full name. With `prefix` pattern type, the + resource name will be used only as a prefix. + Default value is `literal`. + type: + type: string + enum: + - topic + - group + - cluster + - transactionalId + description: >- + Resource type. The available resource types + are `topic`, `group`, `cluster`, and + `transactionalId`. + required: + - type + description: >- + Indicates the resource for which given ACL rule + applies. + host: + type: string + description: >- + The host from which the action described in the + ACL rule is allowed or denied. If not set, it + defaults to `*`, allowing or denying the action + from any host. + operation: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + Operation which will be allowed or denied. + Supported operations are: Read, Write, Create, + Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + operations: + type: array + items: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + List of operations which will be allowed or + denied. 
Supported operations are: Read, Write, + Create, Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + required: + - resource + description: List of ACL rules which should be applied to this user. + type: + type: string + enum: + - simple + description: >- + Authorization type. Currently the only supported type is + `simple`. `simple` authorization type uses the Kafka + Admin API for managing the ACL rules. + required: + - acls + - type + description: Authorization rules for this Kafka user. + quotas: + type: object + properties: + producerByteRate: + type: integer + minimum: 0 + description: >- + A quota on the maximum bytes per-second that each client + group can publish to a broker before the clients in the + group are throttled. Defined on a per-broker basis. + consumerByteRate: + type: integer + minimum: 0 + description: >- + A quota on the maximum bytes per-second that each client + group can fetch from a broker before the clients in the + group are throttled. Defined on a per-broker basis. + requestPercentage: + type: integer + minimum: 0 + description: >- + A quota on the maximum CPU utilization of each client + group as a percentage of network and I/O threads. + controllerMutationRate: + type: number + minimum: 0 + description: >- + A quota on the rate at which mutations are accepted for + the create topics request, the create partitions request + and the delete topics request. The rate is accumulated + by the number of partitions created or deleted. + description: >- + Quotas on requests to control the broker resources used by + clients. Network bandwidth and request rate quotas can be + enforced.Kafka documentation for Kafka User quotas can be + found at + http://kafka.apache.org/documentation/#design_quotas. 
+ template: + type: object + properties: + secret: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: >- + Template for KafkaUser resources. The template allows + users to specify how the `Secret` with password or TLS + certificates is generated. + description: Template to specify how Kafka User `Secrets` are generated. + description: The specification of the user. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + username: + type: string + description: Username. + secret: + type: string + description: The name of `Secret` where the credentials are stored. + description: The status of the Kafka User. 
+ - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this user belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Authentication + description: How the user is authenticated + jsonPath: .spec.authentication.type + type: string + - name: Authorization + description: How the user is authorised + jsonPath: .spec.authorization.type + type: string + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + authentication: + type: object + properties: + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Selects a key of a Secret in the resource's + namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: >- + Specify the password for the user. If not set, a new + password is generated by the User Operator. 
+ type: + type: string + enum: + - tls + - tls-external + - scram-sha-512 + description: Authentication type. + required: + - type + description: >- + Authentication mechanism enabled for this Kafka user. The + supported authentication mechanisms are `scram-sha-512`, + `tls`, and `tls-external`. + + + * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 + credentials. + + * `tls` generates a secret with user certificate for mutual + TLS authentication. + + * `tls-external` does not generate a user certificate. But + prepares the user for using mutual TLS authentication using + a user certificate generated outside the User Operator. + ACLs and quotas set for this user are configured in the `CN=` format. + + Authentication is optional. If authentication is not + configured, no credentials are generated. ACLs and quotas + set for the user are configured in the `` format + suitable for SASL authentication. + authorization: + type: object + properties: + acls: + type: array + items: + type: object + properties: + type: + type: string + enum: + - allow + - deny + description: >- + The type of the rule. Currently the only supported + type is `allow`. ACL rules with type `allow` are + used to allow user to execute the specified + operations. Default value is `allow`. + resource: + type: object + properties: + name: + type: string + description: >- + Name of resource for which given ACL rule + applies. Can be combined with `patternType` + field to use prefix pattern. + patternType: + type: string + enum: + - literal + - prefix + description: >- + Describes the pattern used in the resource + field. The supported types are `literal` and + `prefix`. With `literal` pattern type, the + resource field will be used as a definition of + a full name. With `prefix` pattern type, the + resource name will be used only as a prefix. + Default value is `literal`. + type: + type: string + enum: + - topic + - group + - cluster + - transactionalId + description: >- + Resource type. 
The available resource types + are `topic`, `group`, `cluster`, and + `transactionalId`. + required: + - type + description: >- + Indicates the resource for which given ACL rule + applies. + host: + type: string + description: >- + The host from which the action described in the + ACL rule is allowed or denied. If not set, it + defaults to `*`, allowing or denying the action + from any host. + operation: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + Operation which will be allowed or denied. + Supported operations are: Read, Write, Create, + Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + operations: + type: array + items: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + List of operations which will be allowed or + denied. Supported operations are: Read, Write, + Create, Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + required: + - resource + description: List of ACL rules which should be applied to this user. + type: + type: string + enum: + - simple + description: >- + Authorization type. Currently the only supported type is + `simple`. `simple` authorization type uses the Kafka + Admin API for managing the ACL rules. + required: + - acls + - type + description: Authorization rules for this Kafka user. + quotas: + type: object + properties: + producerByteRate: + type: integer + minimum: 0 + description: >- + A quota on the maximum bytes per-second that each client + group can publish to a broker before the clients in the + group are throttled. Defined on a per-broker basis. 
+ consumerByteRate: + type: integer + minimum: 0 + description: >- + A quota on the maximum bytes per-second that each client + group can fetch from a broker before the clients in the + group are throttled. Defined on a per-broker basis. + requestPercentage: + type: integer + minimum: 0 + description: >- + A quota on the maximum CPU utilization of each client + group as a percentage of network and I/O threads. + controllerMutationRate: + type: number + minimum: 0 + description: >- + A quota on the rate at which mutations are accepted for + the create topics request, the create partitions request + and the delete topics request. The rate is accumulated + by the number of partitions created or deleted. + description: >- + Quotas on requests to control the broker resources used by + clients. Network bandwidth and request rate quotas can be + enforced.Kafka documentation for Kafka User quotas can be + found at + http://kafka.apache.org/documentation/#design_quotas. + template: + type: object + properties: + secret: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: >- + Template for KafkaUser resources. The template allows + users to specify how the `Secret` with password or TLS + certificates is generated. + description: Template to specify how Kafka User `Secrets` are generated. + description: The specification of the user. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. 
+ status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + username: + type: string + description: Username. + secret: + type: string + description: The name of `Secret` where the credentials are stored. + description: The status of the Kafka User. + - name: v1alpha1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this user belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Authentication + description: How the user is authenticated + jsonPath: .spec.authentication.type + type: string + - name: Authorization + description: How the user is authorised + jsonPath: .spec.authorization.type + type: string + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. 
More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + authentication: + type: object + properties: + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Selects a key of a Secret in the resource's + namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: >- + Specify the password for the user. If not set, a new + password is generated by the User Operator. + type: + type: string + enum: + - tls + - tls-external + - scram-sha-512 + description: Authentication type. + required: + - type + description: >- + Authentication mechanism enabled for this Kafka user. The + supported authentication mechanisms are `scram-sha-512`, + `tls`, and `tls-external`. + + + * `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 + credentials. + + * `tls` generates a secret with user certificate for mutual + TLS authentication. + + * `tls-external` does not generate a user certificate. But + prepares the user for using mutual TLS authentication using + a user certificate generated outside the User Operator. + ACLs and quotas set for this user are configured in the `CN=` format. + + Authentication is optional. If authentication is not + configured, no credentials are generated. ACLs and quotas + set for the user are configured in the `` format + suitable for SASL authentication. 
+ authorization: + type: object + properties: + acls: + type: array + items: + type: object + properties: + type: + type: string + enum: + - allow + - deny + description: >- + The type of the rule. Currently the only supported + type is `allow`. ACL rules with type `allow` are + used to allow user to execute the specified + operations. Default value is `allow`. + resource: + type: object + properties: + name: + type: string + description: >- + Name of resource for which given ACL rule + applies. Can be combined with `patternType` + field to use prefix pattern. + patternType: + type: string + enum: + - literal + - prefix + description: >- + Describes the pattern used in the resource + field. The supported types are `literal` and + `prefix`. With `literal` pattern type, the + resource field will be used as a definition of + a full name. With `prefix` pattern type, the + resource name will be used only as a prefix. + Default value is `literal`. + type: + type: string + enum: + - topic + - group + - cluster + - transactionalId + description: >- + Resource type. The available resource types + are `topic`, `group`, `cluster`, and + `transactionalId`. + required: + - type + description: >- + Indicates the resource for which given ACL rule + applies. + host: + type: string + description: >- + The host from which the action described in the + ACL rule is allowed or denied. If not set, it + defaults to `*`, allowing or denying the action + from any host. + operation: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + Operation which will be allowed or denied. + Supported operations are: Read, Write, Create, + Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. 
+ operations: + type: array + items: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: >- + List of operations which will be allowed or + denied. Supported operations are: Read, Write, + Create, Delete, Alter, Describe, ClusterAction, + AlterConfigs, DescribeConfigs, IdempotentWrite and + All. + required: + - resource + description: List of ACL rules which should be applied to this user. + type: + type: string + enum: + - simple + description: >- + Authorization type. Currently the only supported type is + `simple`. `simple` authorization type uses the Kafka + Admin API for managing the ACL rules. + required: + - acls + - type + description: Authorization rules for this Kafka user. + quotas: + type: object + properties: + producerByteRate: + type: integer + minimum: 0 + description: >- + A quota on the maximum bytes per-second that each client + group can publish to a broker before the clients in the + group are throttled. Defined on a per-broker basis. + consumerByteRate: + type: integer + minimum: 0 + description: >- + A quota on the maximum bytes per-second that each client + group can fetch from a broker before the clients in the + group are throttled. Defined on a per-broker basis. + requestPercentage: + type: integer + minimum: 0 + description: >- + A quota on the maximum CPU utilization of each client + group as a percentage of network and I/O threads. + controllerMutationRate: + type: number + minimum: 0 + description: >- + A quota on the rate at which mutations are accepted for + the create topics request, the create partitions request + and the delete topics request. The rate is accumulated + by the number of partitions created or deleted. + description: >- + Quotas on requests to control the broker resources used by + clients. 
Network bandwidth and request rate quotas can be + enforced.Kafka documentation for Kafka User quotas can be + found at + http://kafka.apache.org/documentation/#design_quotas. + template: + type: object + properties: + secret: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: >- + Template for KafkaUser resources. The template allows + users to specify how the `Secret` with password or TLS + certificates is generated. + description: Template to specify how Kafka User `Secrets` are generated. + description: The specification of the user. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + username: + type: string + description: Username. 
+ secret: + type: string + description: The name of `Secret` where the credentials are stored. + description: The status of the Kafka User. + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkatopics.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaTopic + listKind: KafkaTopicList + singular: kafkatopic + plural: kafkatopics + shortNames: + - kt + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this topic belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Partitions + description: The desired number of partitions in the topic + jsonPath: .spec.partitions + type: integer + - name: Replication factor + description: The desired number of replicas of each partition + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. 
+ More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + topicName: + type: string + description: >- + The name of the topic. When absent this will default to the + metadata.name of the topic. It is recommended to not set + this unless the topic name is not a valid Kubernetes + resource name. + partitions: + type: integer + minimum: 1 + description: >- + The number of partitions the topic should have. This cannot + be decreased after topic creation. It can be increased after + topic creation, but it is important to understand the + consequences that has, especially for topics with semantic + partitioning. When absent this will default to the broker + configuration for `num.partitions`. + replicas: + type: integer + minimum: 1 + maximum: 32767 + description: >- + The number of replicas the topic should have. When absent + this will default to the broker configuration for + `default.replication.factor`. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: The topic configuration. + description: The specification of the topic. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). 
+ message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + topicName: + type: string + description: Topic name. + topicId: + type: string + description: >- + The topic's id. For a KafkaTopic with the ready condition, + this will change only if the topic gets deleted and + recreated with the same name. + replicasChange: + type: object + properties: + targetReplicas: + type: integer + description: >- + The target replicas value requested by the user. This + may be different from .spec.replicas when a change is + ongoing. + state: + type: string + enum: + - pending + - ongoing + description: >- + Current state of the replicas change operation. This can + be `pending`, when the change has been requested, or + `ongoing`, when the change has been successfully + submitted to Cruise Control. + message: + type: string + description: >- + Message for the user related to the replicas change + request. This may contain transient error messages that + would disappear on periodic reconciliations. + sessionId: + type: string + description: >- + The session identifier for replicas change requests + pertaining to this KafkaTopic resource. This is used by + the Topic Operator to track the status of `ongoing` + replicas change operations. + description: Replication factor change status. + description: The status of the topic. 
+ - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this topic belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Partitions + description: The desired number of partitions in the topic + jsonPath: .spec.partitions + type: integer + - name: Replication factor + description: The desired number of replicas of each partition + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + topicName: + type: string + description: >- + The name of the topic. When absent this will default to the + metadata.name of the topic. It is recommended to not set + this unless the topic name is not a valid Kubernetes + resource name. + partitions: + type: integer + minimum: 1 + description: >- + The number of partitions the topic should have. This cannot + be decreased after topic creation. 
It can be increased after + topic creation, but it is important to understand the + consequences that has, especially for topics with semantic + partitioning. When absent this will default to the broker + configuration for `num.partitions`. + replicas: + type: integer + minimum: 1 + maximum: 32767 + description: >- + The number of replicas the topic should have. When absent + this will default to the broker configuration for + `default.replication.factor`. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: The topic configuration. + description: The specification of the topic. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + topicName: + type: string + description: Topic name. + topicId: + type: string + description: >- + The topic's id. For a KafkaTopic with the ready condition, + this will change only if the topic gets deleted and + recreated with the same name. + replicasChange: + type: object + properties: + targetReplicas: + type: integer + description: >- + The target replicas value requested by the user. 
This + may be different from .spec.replicas when a change is + ongoing. + state: + type: string + enum: + - pending + - ongoing + description: >- + Current state of the replicas change operation. This can + be `pending`, when the change has been requested, or + `ongoing`, when the change has been successfully + submitted to Cruise Control. + message: + type: string + description: >- + Message for the user related to the replicas change + request. This may contain transient error messages that + would disappear on periodic reconciliations. + sessionId: + type: string + description: >- + The session identifier for replicas change requests + pertaining to this KafkaTopic resource. This is used by + the Topic Operator to track the status of `ongoing` + replicas change operations. + description: Replication factor change status. + description: The status of the topic. + - name: v1alpha1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this topic belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Partitions + description: The desired number of partitions in the topic + jsonPath: .spec.partitions + type: integer + - name: Replication factor + description: The desired number of replicas of each partition + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. 
More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + topicName: + type: string + description: >- + The name of the topic. When absent this will default to the + metadata.name of the topic. It is recommended to not set + this unless the topic name is not a valid Kubernetes + resource name. + partitions: + type: integer + minimum: 1 + description: >- + The number of partitions the topic should have. This cannot + be decreased after topic creation. It can be increased after + topic creation, but it is important to understand the + consequences that has, especially for topics with semantic + partitioning. When absent this will default to the broker + configuration for `num.partitions`. + replicas: + type: integer + minimum: 1 + maximum: 32767 + description: >- + The number of replicas the topic should have. When absent + this will default to the broker configuration for + `default.replication.factor`. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: The topic configuration. + description: The specification of the topic. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. 
+ lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + topicName: + type: string + description: Topic name. + topicId: + type: string + description: >- + The topic's id. For a KafkaTopic with the ready condition, + this will change only if the topic gets deleted and + recreated with the same name. + replicasChange: + type: object + properties: + targetReplicas: + type: integer + description: >- + The target replicas value requested by the user. This + may be different from .spec.replicas when a change is + ongoing. + state: + type: string + enum: + - pending + - ongoing + description: >- + Current state of the replicas change operation. This can + be `pending`, when the change has been requested, or + `ongoing`, when the change has been successfully + submitted to Cruise Control. + message: + type: string + description: >- + Message for the user related to the replicas change + request. This may contain transient error messages that + would disappear on periodic reconciliations. + sessionId: + type: string + description: >- + The session identifier for replicas change requests + pertaining to this KafkaTopic resource. This is used by + the Topic Operator to track the status of `ongoing` + replicas change operations. + description: Replication factor change status. + description: The status of the topic. 
+ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkaconnects.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaConnect + listKind: KafkaConnectList + singular: kafkaconnect + plural: kafkaconnects + shortNames: + - kc + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + labelSelectorPath: .status.labelSelector + additionalPrinterColumns: + - name: Desired replicas + description: The desired number of Kafka Connect replicas + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + version: + type: string + description: >- + The Kafka Connect version. Defaults to the latest version. + Consult the user documentation to understand the process + required to upgrade or downgrade the version. 
+ replicas: + type: integer + description: >- + The number of pods in the Kafka Connect group. Defaults to + `3`. + image: + type: string + description: >- + The container image used for Kafka Connect pods. If no image + name is explicitly specified, it is determined based on the + `spec.version` configuration. The image names are + specifically mapped to corresponding versions in the Cluster + Operator configuration. + bootstrapServers: + type: string + description: >- + Bootstrap servers to connect to. This should be given as a + comma separated list of __:__ pairs. + tls: + type: object + properties: + trustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: The name of the Secret containing the certificate. + certificate: + type: string + description: The name of the file certificate in the Secret. + required: + - secretName + - certificate + description: Trusted certificates for TLS connection. + description: TLS configuration. + authentication: + type: object + properties: + accessToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored in + the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the access token + which was obtained from the authorization server. + accessTokenIsJwt: + type: boolean + description: >- + Configure whether access token should be treated as JWT. + This should be set to `false` if the authorization + server returns opaque tokens. Defaults to `true`. + audience: + type: string + description: >- + OAuth audience to use when authenticating against the + authorization server. Some authorization servers require + the audience to be explicitly set. The possible values + depend on how the authorization server is configured. 
By + default, `audience` is not specified when performing the + token endpoint request. + certificateAndKey: + type: object + properties: + key: + type: string + description: The name of the private key in the Secret. + secretName: + type: string + description: The name of the Secret containing the certificate. + certificate: + type: string + description: The name of the file certificate in the Secret. + required: + - key + - secretName + - certificate + description: >- + Reference to the `Secret` which holds the certificate + and private key pair. + clientId: + type: string + description: >- + OAuth Client ID which the Kafka client can use to + authenticate against the OAuth server and use the token + endpoint URI. + clientSecret: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored in + the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the OAuth client + secret which the Kafka client can use to authenticate + against the OAuth server and use the token endpoint URI. + connectTimeoutSeconds: + type: integer + description: >- + The connect timeout in seconds when connecting to + authorization server. If not set, the effective connect + timeout is 60 seconds. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. Default + value is `false`. + enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. Default value is + `false`. + httpRetries: + type: integer + description: >- + The maximum number of retries to attempt if an initial + HTTP request fails. If not set, the default is to not + attempt any retries. + httpRetryPauseMs: + type: integer + description: >- + The pause to take before retrying a failed HTTP request. 
+ If not set, the default is to not pause at all but to + immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests to + the authorization servers. The default value is `true`. + maxTokenExpirySeconds: + type: integer + description: >- + Set or limit time-to-live of the access tokens to the + specified number of seconds. This should be set if the + authorization server returns opaque tokens. + passwordSecret: + type: object + properties: + secretName: + type: string + description: The name of the Secret containing the password. + password: + type: string + description: >- + The name of the key in the Secret under which the + password is stored. + required: + - secretName + - password + description: Reference to the `Secret` which holds the password. + readTimeoutSeconds: + type: integer + description: >- + The read timeout in seconds when connecting to + authorization server. If not set, the effective read + timeout is 60 seconds. + refreshToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored in + the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the refresh token + which can be used to obtain access token from the + authorization server. + scope: + type: string + description: >- + OAuth scope to use when authenticating against the + authorization server. Some authorization servers require + this to be set. The possible values depend on how + authorization server is configured. By default `scope` + is not specified when doing the token endpoint request. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: The name of the Secret containing the certificate. 
+ certificate: + type: string + description: The name of the file certificate in the Secret. + required: + - secretName + - certificate + description: >- + Trusted certificates for TLS connection to the OAuth + server. + tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - tls + - scram-sha-256 + - scram-sha-512 + - plain + - oauth + description: >- + Authentication type. Currently the supported types are + `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, and + 'oauth'. `scram-sha-256` and `scram-sha-512` types use + SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 + Authentication, respectively. `plain` type uses SASL + PLAIN Authentication. `oauth` type uses SASL OAUTHBEARER + Authentication. The `tls` type uses TLS Client + Authentication. The `tls` type is supported only over + TLS connections. + username: + type: string + description: Username used for the authentication. + required: + - type + description: Authentication configuration for Kafka Connect. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka Connect configuration. Properties with the + following prefixes cannot be set: ssl., sasl., security., + listeners, plugin.path, rest., bootstrap.servers, + consumer.interceptor.classes, producer.interceptor.classes + (with the exception of: + ssl.endpoint.identification.algorithm, ssl.cipher.suites, + ssl.protocol, ssl.enabled.protocols). 
+ resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: >- + The maximum limits for CPU and memory resources and the + requested initial resources. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. 
+ timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + description: Pod readiness checking. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for pods. + jmxOptions: + type: object + properties: + authentication: + type: object + properties: + type: + type: string + enum: + - password + description: >- + Authentication type. Currently the only supported + types are `password`.`password` type creates a + username and protected port with no TLS. 
+ required: + - type + description: >- + Authentication configuration for connecting to the JMX + port. + description: JMX Options. + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration for Kafka Connect. + clientRackInitImage: + type: string + description: >- + The image of the init container used for initializing the + `client.rack`. + rack: + type: object + properties: + topologyKey: + type: string + example: topology.kubernetes.io/zone + description: >- + A key that matches labels assigned to the Kubernetes + cluster nodes. The value of the label is used to set a + broker's `broker.rack` config, and the `client.rack` + config for Kafka Connect or MirrorMaker 2. + required: + - topologyKey + description: >- + Configuration of the node label which will be used as the + `client.rack` consumer configuration. + metricsConfig: + type: object + properties: + type: + type: string + enum: + - jmxPrometheusExporter + description: >- + Metrics type. Only 'jmxPrometheusExporter' supported + currently. + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. + description: >- + ConfigMap entry where the Prometheus JMX Exporter + configuration is stored. 
+ required: + - type + - valueFrom + description: Metrics configuration. + tracing: + type: object + properties: + type: + type: string + enum: + - jaeger + - opentelemetry + description: >- + Type of the tracing used. Currently the only supported + type is `opentelemetry` for OpenTelemetry tracing. As of + Strimzi 0.37.0, `jaeger` type is not supported anymore + and this option is ignored. + required: + - type + description: The configuration of tracing in Kafka Connect. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Kafka Connect `Deployment`. + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka Connect `StrimziPodSet` resource. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. 
+ description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. 
You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. Defaults to 30 seconds. + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + 
properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + 
additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. 
+ priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services should + be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + description: Template for Kafka Connect `Pods`. + apiService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the service. + Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters. `RequireDualStack` fails + unless there are two IP families on dual-stack + configured clusters. 
If unspecified, Kubernetes will + choose the default value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Kafka Connect API `Service`. + headlessService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the service. + Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters. `RequireDualStack` fails + unless there are two IP families on dual-stack + configured clusters. If unspecified, Kubernetes will + choose the default value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Kafka Connect headless `Service`. + connectContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. 
+ value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka Connect container. + initContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka init container. + podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: >- + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is allowed + when the `maxUnavailable` number of pods or fewer + are unavailable after the eviction. Setting this + value to 0 prevents all voluntary evictions, so the + pods must be evicted manually. Defaults to 1. + description: Template for Kafka Connect `PodDisruptionBudget`. 
+ serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Connect service account. + clusterRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Connect ClusterRoleBinding. + buildPod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. 
+ securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. Defaults to 30 seconds. 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + 
type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + 
items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. 
If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services should + be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + description: >- + Template for Kafka Connect Build `Pods`. The build pod + is used only on Kubernetes. + buildContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: >- + Template for the Kafka Connect Build container. The + build container is used only on Kubernetes. + buildConfig: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + pullSecret: + type: string + description: >- + Container Registry Secret with the credentials for + pulling the base image. + description: >- + Template for the Kafka Connect BuildConfig used to build + new container images. The BuildConfig is used only on + OpenShift. + buildServiceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Connect Build service account. + jmxSecret: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: >- + Template for Secret of the Kafka Connect Cluster JMX + authentication. + description: >- + Template for Kafka Connect and Kafka Mirror Maker 2 + resources. The template allows users to specify how the + `Pods`, `Service`, and other services are generated. + externalConfiguration: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: >- + Name of the environment variable which will be + passed to the Kafka Connect pods. The name of the + environment variable cannot start with `KAFKA_` or + `STRIMZI_`. + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Reference to a key in a Secret. + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Reference to a key in a ConfigMap. + description: >- + Value of the environment variable which will be + passed to the Kafka Connect pods. It can be passed + either as a reference to Secret or ConfigMap + field. The field has to specify exactly one Secret + or ConfigMap. + required: + - name + - valueFrom + description: >- + Makes data from a Secret or ConfigMap available in the + Kafka Connect pods as environment variables. 
+ volumes: + type: array + items: + type: object + properties: + name: + type: string + description: >- + Name of the volume which will be added to the + Kafka Connect pods. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: >- + Reference to a key in a Secret. Exactly one Secret + or ConfigMap has to be specified. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to a key in a ConfigMap. Exactly one + Secret or ConfigMap has to be specified. + required: + - name + description: >- + Makes data from a Secret or ConfigMap available in the + Kafka Connect pods as volumes. + description: >- + Pass data from Secrets or ConfigMaps to the Kafka Connect + pods and use them to configure connectors. + build: + type: object + properties: + output: + type: object + properties: + additionalKanikoOptions: + type: array + items: + type: string + description: >- + Configures additional options which will be passed + to the Kaniko executor when building the new Connect + image. Allowed options are: --customPlatform, + --insecure, --insecure-pull, --insecure-registry, + --log-format, --log-timestamp, --registry-mirror, + --reproducible, --single-snapshot, + --skip-tls-verify, --skip-tls-verify-pull, + --skip-tls-verify-registry, --verbosity, + --snapshotMode, --use-new-run. These options will be + used only on Kubernetes where the Kaniko executor is + used. They will be ignored on OpenShift. The options + are described in the + link:https://github.com/GoogleContainerTools/kaniko[Kaniko + GitHub repository^]. 
Changing this field does not + trigger new build of the Kafka Connect image. + image: + type: string + description: The name of the image which will be built. Required. + pushSecret: + type: string + description: >- + Container Registry Secret with the credentials for + pushing the newly built image. + type: + type: string + enum: + - docker + - imagestream + description: >- + Output type. Must be either `docker` for pushing the + newly build image to Docker compatible registry or + `imagestream` for pushing the image to OpenShift + ImageStream. Required. + required: + - image + - type + description: >- + Configures where should the newly built image be stored. + Required. + plugins: + type: array + items: + type: object + properties: + name: + type: string + pattern: '^[a-z0-9][-_a-z0-9]*[a-z0-9]$' + description: >- + The unique name of the connector plugin. Will be + used to generate the path where the connector + artifacts will be stored. The name has to be + unique within the KafkaConnect resource. The name + has to follow the following pattern: + `^[a-z][-_a-z0-9]*[a-z]$`. Required. + artifacts: + type: array + items: + type: object + properties: + artifact: + type: string + description: >- + Maven artifact id. Applicable to the `maven` + artifact type only. + fileName: + type: string + description: >- + Name under which the artifact will be + stored. + group: + type: string + description: >- + Maven group id. Applicable to the `maven` + artifact type only. + insecure: + type: boolean + description: >- + By default, connections using TLS are + verified to check they are secure. The + server certificate used must be valid, + trusted, and contain the server name. By + setting this option to `true`, all TLS + verification is disabled and the artifact + will be downloaded, even when the server is + considered insecure. + repository: + type: string + description: >- + Maven repository to download the artifact + from. Applicable to the `maven` artifact + type only. 
+ sha512sum: + type: string + description: >- + SHA512 checksum of the artifact. Optional. + If specified, the checksum will be verified + while building the new container. If not + specified, the downloaded artifact will not + be verified. Not applicable to the `maven` + artifact type. + type: + type: string + enum: + - jar + - tgz + - zip + - maven + - other + description: >- + Artifact type. Currently, the supported + artifact types are `tgz`, `jar`, `zip`, + `other` and `maven`. + url: + type: string + pattern: >- + ^(https?|ftp)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]$ + description: >- + URL of the artifact which will be + downloaded. Strimzi does not do any security + scanning of the downloaded artifacts. For + security reasons, you should first verify + the artifacts manually and configure the + checksum verification to make sure the same + artifact is used in the automated build. + Required for `jar`, `zip`, `tgz` and `other` + artifacts. Not applicable to the `maven` + artifact type. + version: + type: string + description: >- + Maven version number. Applicable to the + `maven` artifact type only. + required: + - type + description: >- + List of artifacts which belong to this connector + plugin. Required. + required: + - name + - artifacts + description: >- + List of connector plugins which should be added to the + Kafka Connect. Required. 
+ resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve for the build. + required: + - output + - plugins + description: >- + Configures how the Connect container image should be built. + Optional. + required: + - bootstrapServers + description: The specification of the Kafka Connect cluster. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. 
+ url: + type: string + description: >- + The URL of the REST API endpoint for managing and monitoring + Kafka Connect connectors. + connectorPlugins: + type: array + items: + type: object + properties: + class: + type: string + description: The class of the connector plugin. + type: + type: string + description: >- + The type of the connector plugin. The available types + are `sink` and `source`. + version: + type: string + description: The version of the connector plugin. + description: >- + The list of connector plugins available in this Kafka + Connect deployment. + replicas: + type: integer + description: >- + The current number of pods being used to provide this + resource. + labelSelector: + type: string + description: Label selector for pods providing this resource. + description: The status of the Kafka Connect cluster. + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkabridges.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaBridge + listKind: KafkaBridgeList + singular: kafkabridge + plural: kafkabridges + shortNames: + - kb + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + labelSelectorPath: .status.labelSelector + additionalPrinterColumns: + - name: Desired replicas + description: The desired number of Kafka Bridge replicas + jsonPath: .spec.replicas + type: integer + - name: Bootstrap Servers + description: The boostrap servers + jsonPath: .spec.bootstrapServers + type: string + priority: 1 + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + 
description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + replicas: + type: integer + minimum: 0 + description: The number of pods in the `Deployment`. Defaults to `1`. + image: + type: string + description: >- + The container image used for Kafka Bridge pods. If no image + name is explicitly specified, the image name corresponds to + the image specified in the Cluster Operator configuration. + If an image name is not defined in the Cluster Operator + configuration, a default value is used. + bootstrapServers: + type: string + description: >- + A list of host:port pairs for establishing the initial + connection to the Kafka cluster. + tls: + type: object + properties: + trustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: The name of the Secret containing the certificate. + certificate: + type: string + description: The name of the file certificate in the Secret. + required: + - secretName + - certificate + description: Trusted certificates for TLS connection. + description: >- + TLS configuration for connecting Kafka Bridge to the + cluster. + authentication: + type: object + properties: + accessToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored in + the Kubernetes Secret. 
+ secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the access token + which was obtained from the authorization server. + accessTokenIsJwt: + type: boolean + description: >- + Configure whether access token should be treated as JWT. + This should be set to `false` if the authorization + server returns opaque tokens. Defaults to `true`. + audience: + type: string + description: >- + OAuth audience to use when authenticating against the + authorization server. Some authorization servers require + the audience to be explicitly set. The possible values + depend on how the authorization server is configured. By + default, `audience` is not specified when performing the + token endpoint request. + certificateAndKey: + type: object + properties: + key: + type: string + description: The name of the private key in the Secret. + secretName: + type: string + description: The name of the Secret containing the certificate. + certificate: + type: string + description: The name of the file certificate in the Secret. + required: + - key + - secretName + - certificate + description: >- + Reference to the `Secret` which holds the certificate + and private key pair. + clientId: + type: string + description: >- + OAuth Client ID which the Kafka client can use to + authenticate against the OAuth server and use the token + endpoint URI. + clientSecret: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored in + the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the OAuth client + secret which the Kafka client can use to authenticate + against the OAuth server and use the token endpoint URI. 
+ connectTimeoutSeconds: + type: integer + description: >- + The connect timeout in seconds when connecting to + authorization server. If not set, the effective connect + timeout is 60 seconds. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. Default + value is `false`. + enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. Default value is + `false`. + httpRetries: + type: integer + description: >- + The maximum number of retries to attempt if an initial + HTTP request fails. If not set, the default is to not + attempt any retries. + httpRetryPauseMs: + type: integer + description: >- + The pause to take before retrying a failed HTTP request. + If not set, the default is to not pause at all but to + immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests to + the authorization servers. The default value is `true`. + maxTokenExpirySeconds: + type: integer + description: >- + Set or limit time-to-live of the access tokens to the + specified number of seconds. This should be set if the + authorization server returns opaque tokens. + passwordSecret: + type: object + properties: + secretName: + type: string + description: The name of the Secret containing the password. + password: + type: string + description: >- + The name of the key in the Secret under which the + password is stored. + required: + - secretName + - password + description: Reference to the `Secret` which holds the password. + readTimeoutSeconds: + type: integer + description: >- + The read timeout in seconds when connecting to + authorization server. If not set, the effective read + timeout is 60 seconds. + refreshToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored in + the Kubernetes Secret. 
+ secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the refresh token + which can be used to obtain access token from the + authorization server. + scope: + type: string + description: >- + OAuth scope to use when authenticating against the + authorization server. Some authorization servers require + this to be set. The possible values depend on how + authorization server is configured. By default `scope` + is not specified when doing the token endpoint request. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: The name of the Secret containing the certificate. + certificate: + type: string + description: The name of the file certificate in the Secret. + required: + - secretName + - certificate + description: >- + Trusted certificates for TLS connection to the OAuth + server. + tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - tls + - scram-sha-256 + - scram-sha-512 + - plain + - oauth + description: >- + Authentication type. Currently the supported types are + `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, and + 'oauth'. `scram-sha-256` and `scram-sha-512` types use + SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 + Authentication, respectively. `plain` type uses SASL + PLAIN Authentication. `oauth` type uses SASL OAUTHBEARER + Authentication. The `tls` type uses TLS Client + Authentication. The `tls` type is supported only over + TLS connections. + username: + type: string + description: Username used for the authentication. + required: + - type + description: Authentication configuration for connecting to the cluster. + http: + type: object + properties: + port: + type: integer + minimum: 1023 + description: The port which is the server listening on. 
+ cors: + type: object + properties: + allowedOrigins: + type: array + items: + type: string + description: >- + List of allowed origins. Java regular expressions + can be used. + allowedMethods: + type: array + items: + type: string + description: List of allowed HTTP methods. + required: + - allowedOrigins + - allowedMethods + description: CORS configuration for the HTTP Bridge. + description: The HTTP related configuration. + adminClient: + type: object + properties: + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka AdminClient configuration used for AdminClient + instances created by the bridge. + description: Kafka AdminClient related configuration. + consumer: + type: object + properties: + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka consumer configuration used for consumer + instances created by the bridge. Properties with the + following prefixes cannot be set: ssl., + bootstrap.servers, group.id, sasl., security. (with the + exception of: ssl.endpoint.identification.algorithm, + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). + description: Kafka consumer related configuration. + producer: + type: object + properties: + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka producer configuration used for producer + instances created by the bridge. Properties with the + following prefixes cannot be set: ssl., + bootstrap.servers, sasl., security. (with the exception + of: ssl.endpoint.identification.algorithm, + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). + description: Kafka producer related configuration. 
+ resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: '**Currently not supported** JVM Options for pods.' + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' 
+ valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration for Kafka Bridge. + clientRackInitImage: + type: string + description: >- + The image of the init container used for initializing the + `client.rack`. + rack: + type: object + properties: + topologyKey: + type: string + example: topology.kubernetes.io/zone + description: >- + A key that matches labels assigned to the Kubernetes + cluster nodes. The value of the label is used to set a + broker's `broker.rack` config, and the `client.rack` + config for Kafka Connect or MirrorMaker 2. + required: + - topologyKey + description: >- + Configuration of the node label which will be used as the + client.rack consumer configuration. + enableMetrics: + type: boolean + description: Enable the metrics for the Kafka Bridge. Default is false. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. 
+ failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + description: Pod readiness checking. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Kafka Bridge `Deployment`. 
+ pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. 
+ terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. Defaults to 30 seconds. + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: 
array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: 
string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. 
+ topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services should + be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + description: Template for Kafka Bridge `Pods`. + apiService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the service. + Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters. `RequireDualStack` fails + unless there are two IP families on dual-stack + configured clusters. If unspecified, Kubernetes will + choose the default value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Kafka Bridge API `Service`. + podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: >- + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is allowed + when the `maxUnavailable` number of pods or fewer + are unavailable after the eviction. Setting this + value to 0 prevents all voluntary evictions, so the + pods must be evicted manually. Defaults to 1. + description: Template for Kafka Bridge `PodDisruptionBudget`. 
+ bridgeContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka Bridge container. + clusterRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Bridge ClusterRoleBinding. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Bridge service account. + initContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka Bridge init container. + description: >- + Template for Kafka Bridge resources. The template allows + users to specify how a `Deployment` and `Pod` is generated. + tracing: + type: object + properties: + type: + type: string + enum: + - jaeger + - opentelemetry + description: >- + Type of the tracing used. Currently the only supported + type is `opentelemetry` for OpenTelemetry tracing. As of + Strimzi 0.37.0, `jaeger` type is not supported anymore + and this option is ignored. 
+ required: + - type + description: The configuration of tracing in Kafka Bridge. + required: + - bootstrapServers + description: The specification of the Kafka Bridge. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + url: + type: string + description: >- + The URL at which external client applications can access the + Kafka Bridge. + replicas: + type: integer + description: >- + The current number of pods being used to provide this + resource. + labelSelector: + type: string + description: Label selector for pods providing this resource. + description: The status of the Kafka Bridge. 
+ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi + namespace: xxxxxx + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-kafka-broker + labels: + app: strimzi +rules: + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-cluster-operator-watched + labels: + app: strimzi +rules: + - apiGroups: + - '' + resources: + - pods + verbs: + - watch + - list + - apiGroups: + - kafka.strimzi.io + resources: + - kafkas + - kafkanodepools + - kafkaconnects + - kafkaconnectors + - kafkamirrormakers + - kafkabridges + - kafkamirrormaker2s + - kafkarebalances + verbs: + - get + - list + - watch + - create + - patch + - update + - apiGroups: + - kafka.strimzi.io + resources: + - kafkas/status + - kafkanodepools/status + - kafkaconnects/status + - kafkaconnectors/status + - kafkamirrormakers/status + - kafkabridges/status + - kafkamirrormaker2s/status + - kafkarebalances/status + verbs: + - get + - patch + - update + - apiGroups: + - core.strimzi.io + resources: + - strimzipodsets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - core.strimzi.io + resources: + - strimzipodsets/status + verbs: + - get + - patch + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: strimzi-cluster-operator-kafka-client-delegation + labels: + app: strimzi +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: xxxxxx +roleRef: + kind: ClusterRole + name: strimzi-kafka-client + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkamirrormaker2s.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaMirrorMaker2 + 
listKind: KafkaMirrorMaker2List + singular: kafkamirrormaker2 + plural: kafkamirrormaker2s + shortNames: + - kmm2 + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + labelSelectorPath: .status.labelSelector + additionalPrinterColumns: + - name: Desired replicas + description: The desired number of Kafka MirrorMaker 2 replicas + jsonPath: .spec.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + version: + type: string + description: >- + The Kafka Connect version. Defaults to the latest version. + Consult the user documentation to understand the process + required to upgrade or downgrade the version. + replicas: + type: integer + description: >- + The number of pods in the Kafka Connect group. Defaults to + `3`. + image: + type: string + description: >- + The container image used for Kafka Connect pods. 
If no image + name is explicitly specified, it is determined based on the + `spec.version` configuration. The image names are + specifically mapped to corresponding versions in the Cluster + Operator configuration. + connectCluster: + type: string + description: >- + The cluster alias used for Kafka Connect. The value must + match the alias of the *target* Kafka cluster as specified + in the `spec.clusters` configuration. The target Kafka + cluster is used by the underlying Kafka Connect framework + for its internal topics. + clusters: + type: array + items: + type: object + properties: + alias: + type: string + pattern: '^[a-zA-Z0-9\._\-]{1,100}$' + description: Alias used to reference the Kafka cluster. + bootstrapServers: + type: string + description: >- + A comma-separated list of `host:port` pairs for + establishing the connection to the Kafka cluster. + tls: + type: object + properties: + trustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + required: + - secretName + - certificate + description: Trusted certificates for TLS connection. + description: >- + TLS configuration for connecting MirrorMaker 2 + connectors to a cluster. + authentication: + type: object + properties: + accessToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing + the secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the access + token which was obtained from the authorization + server. + accessTokenIsJwt: + type: boolean + description: >- + Configure whether access token should be treated + as JWT. 
This should be set to `false` if the + authorization server returns opaque tokens. + Defaults to `true`. + audience: + type: string + description: >- + OAuth audience to use when authenticating against + the authorization server. Some authorization + servers require the audience to be explicitly set. + The possible values depend on how the + authorization server is configured. By default, + `audience` is not specified when performing the + token endpoint request. + certificateAndKey: + type: object + properties: + key: + type: string + description: The name of the private key in the Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + required: + - key + - secretName + - certificate + description: >- + Reference to the `Secret` which holds the + certificate and private key pair. + clientId: + type: string + description: >- + OAuth Client ID which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + clientSecret: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing + the secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the OAuth + client secret which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + connectTimeoutSeconds: + type: integer + description: >- + The connect timeout in seconds when connecting to + authorization server. If not set, the effective + connect timeout is 60 seconds. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. + Default value is `false`. 
+ enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. Default value is + `false`. + httpRetries: + type: integer + description: >- + The maximum number of retries to attempt if an + initial HTTP request fails. If not set, the + default is to not attempt any retries. + httpRetryPauseMs: + type: integer + description: >- + The pause to take before retrying a failed HTTP + request. If not set, the default is to not pause + at all but to immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in + requests to the authorization servers. The default + value is `true`. + maxTokenExpirySeconds: + type: integer + description: >- + Set or limit time-to-live of the access tokens to + the specified number of seconds. This should be + set if the authorization server returns opaque + tokens. + passwordSecret: + type: object + properties: + secretName: + type: string + description: >- + The name of the Secret containing the + password. + password: + type: string + description: >- + The name of the key in the Secret under which + the password is stored. + required: + - secretName + - password + description: >- + Reference to the `Secret` which holds the + password. + readTimeoutSeconds: + type: integer + description: >- + The read timeout in seconds when connecting to + authorization server. If not set, the effective + read timeout is 60 seconds. + refreshToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing + the secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the refresh + token which can be used to obtain access token + from the authorization server. 
+ scope: + type: string + description: >- + OAuth scope to use when authenticating against the + authorization server. Some authorization servers + require this to be set. The possible values depend + on how authorization server is configured. By + default `scope` is not specified when doing the + token endpoint request. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + required: + - secretName + - certificate + description: >- + Trusted certificates for TLS connection to the + OAuth server. + tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - tls + - scram-sha-256 + - scram-sha-512 + - plain + - oauth + description: >- + Authentication type. Currently the supported types + are `tls`, `scram-sha-256`, `scram-sha-512`, + `plain`, and 'oauth'. `scram-sha-256` and + `scram-sha-512` types use SASL SCRAM-SHA-256 and + SASL SCRAM-SHA-512 Authentication, respectively. + `plain` type uses SASL PLAIN Authentication. + `oauth` type uses SASL OAUTHBEARER Authentication. + The `tls` type uses TLS Client Authentication. The + `tls` type is supported only over TLS connections. + username: + type: string + description: Username used for the authentication. + required: + - type + description: >- + Authentication configuration for connecting to the + cluster. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The MirrorMaker 2 cluster config. 
Properties with the + following prefixes cannot be set: ssl., sasl., + security., listeners, plugin.path, rest., + bootstrap.servers, consumer.interceptor.classes, + producer.interceptor.classes (with the exception of: + ssl.endpoint.identification.algorithm, + ssl.cipher.suites, ssl.protocol, + ssl.enabled.protocols). + required: + - alias + - bootstrapServers + description: Kafka clusters for mirroring. + mirrors: + type: array + items: + type: object + properties: + sourceCluster: + type: string + description: >- + The alias of the source cluster used by the Kafka + MirrorMaker 2 connectors. The alias must match a + cluster in the list at `spec.clusters`. + targetCluster: + type: string + description: >- + The alias of the target cluster used by the Kafka + MirrorMaker 2 connectors. The alias must match a + cluster in the list at `spec.clusters`. + sourceConnector: + type: object + properties: + tasksMax: + type: integer + minimum: 1 + description: >- + The maximum number of tasks for the Kafka + Connector. + pause: + type: boolean + description: >- + Whether the connector should be paused. Defaults + to false. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka Connector configuration. The following + properties cannot be set: connector.class, + tasks.max. + state: + type: string + enum: + - paused + - stopped + - running + description: >- + The state the connector should be in. Defaults to + running. + autoRestart: + type: object + properties: + enabled: + type: boolean + description: >- + Whether automatic restart for failed + connectors and tasks should be enabled or + disabled. + maxRestarts: + type: integer + description: >- + The maximum number of connector restarts that + the operator will try. If the connector + remains in a failed state after reaching this + limit, it must be restarted manually by the + user. Defaults to an unlimited number of + restarts. 
+ description: >- + Automatic restart of connector and tasks + configuration. + description: >- + The specification of the Kafka MirrorMaker 2 source + connector. + heartbeatConnector: + type: object + properties: + tasksMax: + type: integer + minimum: 1 + description: >- + The maximum number of tasks for the Kafka + Connector. + pause: + type: boolean + description: >- + Whether the connector should be paused. Defaults + to false. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka Connector configuration. The following + properties cannot be set: connector.class, + tasks.max. + state: + type: string + enum: + - paused + - stopped + - running + description: >- + The state the connector should be in. Defaults to + running. + autoRestart: + type: object + properties: + enabled: + type: boolean + description: >- + Whether automatic restart for failed + connectors and tasks should be enabled or + disabled. + maxRestarts: + type: integer + description: >- + The maximum number of connector restarts that + the operator will try. If the connector + remains in a failed state after reaching this + limit, it must be restarted manually by the + user. Defaults to an unlimited number of + restarts. + description: >- + Automatic restart of connector and tasks + configuration. + description: >- + The specification of the Kafka MirrorMaker 2 heartbeat + connector. + checkpointConnector: + type: object + properties: + tasksMax: + type: integer + minimum: 1 + description: >- + The maximum number of tasks for the Kafka + Connector. + pause: + type: boolean + description: >- + Whether the connector should be paused. Defaults + to false. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka Connector configuration. The following + properties cannot be set: connector.class, + tasks.max. 
+ state: + type: string + enum: + - paused + - stopped + - running + description: >- + The state the connector should be in. Defaults to + running. + autoRestart: + type: object + properties: + enabled: + type: boolean + description: >- + Whether automatic restart for failed + connectors and tasks should be enabled or + disabled. + maxRestarts: + type: integer + description: >- + The maximum number of connector restarts that + the operator will try. If the connector + remains in a failed state after reaching this + limit, it must be restarted manually by the + user. Defaults to an unlimited number of + restarts. + description: >- + Automatic restart of connector and tasks + configuration. + description: >- + The specification of the Kafka MirrorMaker 2 + checkpoint connector. + topicsPattern: + type: string + description: >- + A regular expression matching the topics to be + mirrored, for example, "topic1\|topic2\|topic3". + Comma-separated lists are also supported. + topicsBlacklistPattern: + type: string + description: >- + A regular expression matching the topics to exclude + from mirroring. Comma-separated lists are also + supported. + topicsExcludePattern: + type: string + description: >- + A regular expression matching the topics to exclude + from mirroring. Comma-separated lists are also + supported. + groupsPattern: + type: string + description: >- + A regular expression matching the consumer groups to + be mirrored. Comma-separated lists are also supported. + groupsBlacklistPattern: + type: string + description: >- + A regular expression matching the consumer groups to + exclude from mirroring. Comma-separated lists are also + supported. + groupsExcludePattern: + type: string + description: >- + A regular expression matching the consumer groups to + exclude from mirroring. Comma-separated lists are also + supported. + required: + - sourceCluster + - targetCluster + description: Configuration of the MirrorMaker 2 connectors. 
+ resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: >- + The maximum limits for CPU and memory resources and the + requested initial resources. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. 
+ timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + description: Pod readiness checking. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for pods. + jmxOptions: + type: object + properties: + authentication: + type: object + properties: + type: + type: string + enum: + - password + description: >- + Authentication type. Currently the only supported + types are `password`.`password` type creates a + username and protected port with no TLS. 
+ required: + - type + description: >- + Authentication configuration for connecting to the JMX + port. + description: JMX Options. + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration for Kafka Connect. + clientRackInitImage: + type: string + description: >- + The image of the init container used for initializing the + `client.rack`. + rack: + type: object + properties: + topologyKey: + type: string + example: topology.kubernetes.io/zone + description: >- + A key that matches labels assigned to the Kubernetes + cluster nodes. The value of the label is used to set a + broker's `broker.rack` config, and the `client.rack` + config for Kafka Connect or MirrorMaker 2. + required: + - topologyKey + description: >- + Configuration of the node label which will be used as the + `client.rack` consumer configuration. + metricsConfig: + type: object + properties: + type: + type: string + enum: + - jmxPrometheusExporter + description: >- + Metrics type. Only 'jmxPrometheusExporter' supported + currently. + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. + description: >- + ConfigMap entry where the Prometheus JMX Exporter + configuration is stored. 
+ required: + - type + - valueFrom + description: Metrics configuration. + tracing: + type: object + properties: + type: + type: string + enum: + - jaeger + - opentelemetry + description: >- + Type of the tracing used. Currently the only supported + type is `opentelemetry` for OpenTelemetry tracing. As of + Strimzi 0.37.0, `jaeger` type is not supported anymore + and this option is ignored. + required: + - type + description: The configuration of tracing in Kafka Connect. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Kafka Connect `Deployment`. + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for Kafka Connect `StrimziPodSet` resource. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. 
+ description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. 
You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. Defaults to 30 seconds. + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + 
properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + 
additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. 
+ priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services should + be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + description: Template for Kafka Connect `Pods`. + apiService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the service. + Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters. `RequireDualStack` fails + unless there are two IP families on dual-stack + configured clusters. 
If unspecified, Kubernetes will + choose the default value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Kafka Connect API `Service`. + headlessService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the service. + Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters. `RequireDualStack` fails + unless there are two IP families on dual-stack + configured clusters. If unspecified, Kubernetes will + choose the default value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Kafka Connect headless `Service`. + connectContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. 
+ value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka Connect container. + initContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka init container. + podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: >- + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is allowed + when the `maxUnavailable` number of pods or fewer + are unavailable after the eviction. Setting this + value to 0 prevents all voluntary evictions, so the + pods must be evicted manually. Defaults to 1. + description: Template for Kafka Connect `PodDisruptionBudget`. 
+ serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Connect service account. + clusterRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Connect ClusterRoleBinding. + buildPod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. 
+ securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. Defaults to 30 seconds. 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + 
type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + 
items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. 
If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services should + be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + description: >- + Template for Kafka Connect Build `Pods`. The build pod + is used only on Kubernetes. + buildContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: >- + Template for the Kafka Connect Build container. The + build container is used only on Kubernetes. + buildConfig: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + pullSecret: + type: string + description: >- + Container Registry Secret with the credentials for + pulling the base image. + description: >- + Template for the Kafka Connect BuildConfig used to build + new container images. The BuildConfig is used only on + OpenShift. + buildServiceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka Connect Build service account. + jmxSecret: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: >- + Template for Secret of the Kafka Connect Cluster JMX + authentication. + description: >- + Template for Kafka Connect and Kafka Mirror Maker 2 + resources. The template allows users to specify how the + `Pods`, `Service`, and other services are generated. + externalConfiguration: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: >- + Name of the environment variable which will be + passed to the Kafka Connect pods. The name of the + environment variable cannot start with `KAFKA_` or + `STRIMZI_`. + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Reference to a key in a Secret. + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Reference to a key in a ConfigMap. + description: >- + Value of the environment variable which will be + passed to the Kafka Connect pods. It can be passed + either as a reference to Secret or ConfigMap + field. The field has to specify exactly one Secret + or ConfigMap. + required: + - name + - valueFrom + description: >- + Makes data from a Secret or ConfigMap available in the + Kafka Connect pods as environment variables. 
+ volumes: + type: array + items: + type: object + properties: + name: + type: string + description: >- + Name of the volume which will be added to the + Kafka Connect pods. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: >- + Reference to a key in a Secret. Exactly one Secret + or ConfigMap has to be specified. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to a key in a ConfigMap. Exactly one + Secret or ConfigMap has to be specified. + required: + - name + description: >- + Makes data from a Secret or ConfigMap available in the + Kafka Connect pods as volumes. + description: >- + Pass data from Secrets or ConfigMaps to the Kafka Connect + pods and use them to configure connectors. + required: + - connectCluster + description: The specification of the Kafka MirrorMaker 2 cluster. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). 
+ message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + url: + type: string + description: >- + The URL of the REST API endpoint for managing and monitoring + Kafka Connect connectors. + connectors: + type: array + items: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + List of MirrorMaker 2 connector statuses, as reported by the + Kafka Connect REST API. + autoRestartStatuses: + type: array + items: + type: object + properties: + count: + type: integer + description: >- + The number of times the connector or task is + restarted. + connectorName: + type: string + description: The name of the connector being restarted. + lastRestartTimestamp: + type: string + description: >- + The last time the automatic restart was attempted. The + required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC + time zone. + description: List of MirrorMaker 2 connector auto restart statuses. + connectorPlugins: + type: array + items: + type: object + properties: + class: + type: string + description: The class of the connector plugin. + type: + type: string + description: >- + The type of the connector plugin. The available types + are `sink` and `source`. + version: + type: string + description: The version of the connector plugin. + description: >- + The list of connector plugins available in this Kafka + Connect deployment. + labelSelector: + type: string + description: Label selector for pods providing this resource. + replicas: + type: integer + description: >- + The current number of pods being used to provide this + resource. + description: The status of the Kafka MirrorMaker 2 cluster. 
+ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: strimzipodsets.core.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: core.strimzi.io + names: + kind: StrimziPodSet + listKind: StrimziPodSetList + singular: strimzipodset + plural: strimzipodsets + shortNames: + - sps + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Pods + description: Number of pods managed by the StrimziPodSet + jsonPath: .status.pods + type: integer + - name: Ready Pods + description: Number of ready pods managed by the StrimziPodSet + jsonPath: .status.readyPods + type: integer + - name: Current Pods + description: Number of up-to-date pods managed by the StrimziPodSet + jsonPath: .status.currentPods + type: integer + - name: Age + description: Age of the StrimziPodSet + jsonPath: .metadata.creationTimestamp + type: date + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. 
+ More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + selector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + description: >- + Selector is a label query which matches all the pods managed + by this `StrimziPodSet`. Only `matchLabels` is supported. If + `matchExpressions` is set, it will be ignored. + pods: + type: array + items: + x-kubernetes-preserve-unknown-fields: true + type: object + description: The Pods managed by this StrimziPodSet. + required: + - selector + - pods + description: The specification of the StrimziPodSet. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + pods: + type: integer + description: Number of pods managed by this `StrimziPodSet` resource. 
+ readyPods: + type: integer + description: >- + Number of pods managed by this `StrimziPodSet` resource that + are ready. + currentPods: + type: integer + description: >- + Number of pods managed by this `StrimziPodSet` resource that + have the current revision. + description: The status of the StrimziPodSet. + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: xxxxxx +roleRef: + kind: ClusterRole + name: strimzi-cluster-operator-global + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkamirrormakers.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaMirrorMaker + listKind: KafkaMirrorMakerList + singular: kafkamirrormaker + plural: kafkamirrormakers + shortNames: + - kmm + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + labelSelectorPath: .status.labelSelector + additionalPrinterColumns: + - name: Desired replicas + description: The desired number of Kafka MirrorMaker replicas + jsonPath: .spec.replicas + type: integer + - name: Consumer Bootstrap Servers + description: The boostrap servers for the consumer + jsonPath: .spec.consumer.bootstrapServers + type: string + priority: 1 + - name: Producer Bootstrap Servers + description: The boostrap servers for the producer + jsonPath: .spec.producer.bootstrapServers + type: string + priority: 1 + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + 
apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + version: + type: string + description: >- + The Kafka MirrorMaker version. Defaults to the latest + version. Consult the documentation to understand the process + required to upgrade or downgrade the version. + replicas: + type: integer + minimum: 0 + description: The number of pods in the `Deployment`. + image: + type: string + description: >- + The container image used for Kafka MirrorMaker pods. If no + image name is explicitly specified, it is determined based + on the `spec.version` configuration. The image names are + specifically mapped to corresponding versions in the Cluster + Operator configuration. + consumer: + type: object + properties: + numStreams: + type: integer + minimum: 1 + description: >- + Specifies the number of consumer stream threads to + create. + offsetCommitInterval: + type: integer + description: >- + Specifies the offset auto-commit interval in ms. Default + value is 60000. + bootstrapServers: + type: string + description: >- + A list of host:port pairs for establishing the initial + connection to the Kafka cluster. + groupId: + type: string + description: >- + A unique string that identifies the consumer group this + consumer belongs to. 
+ authentication: + type: object + properties: + accessToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the access + token which was obtained from the authorization + server. + accessTokenIsJwt: + type: boolean + description: >- + Configure whether access token should be treated as + JWT. This should be set to `false` if the + authorization server returns opaque tokens. Defaults + to `true`. + audience: + type: string + description: >- + OAuth audience to use when authenticating against + the authorization server. Some authorization servers + require the audience to be explicitly set. The + possible values depend on how the authorization + server is configured. By default, `audience` is not + specified when performing the token endpoint + request. + certificateAndKey: + type: object + properties: + key: + type: string + description: The name of the private key in the Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: The name of the file certificate in the Secret. + required: + - key + - secretName + - certificate + description: >- + Reference to the `Secret` which holds the + certificate and private key pair. + clientId: + type: string + description: >- + OAuth Client ID which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + clientSecret: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. 
+ required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the OAuth + client secret which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + connectTimeoutSeconds: + type: integer + description: >- + The connect timeout in seconds when connecting to + authorization server. If not set, the effective + connect timeout is 60 seconds. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. Default + value is `false`. + enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. Default value is + `false`. + httpRetries: + type: integer + description: >- + The maximum number of retries to attempt if an + initial HTTP request fails. If not set, the default + is to not attempt any retries. + httpRetryPauseMs: + type: integer + description: >- + The pause to take before retrying a failed HTTP + request. If not set, the default is to not pause at + all but to immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests + to the authorization servers. The default value is + `true`. + maxTokenExpirySeconds: + type: integer + description: >- + Set or limit time-to-live of the access tokens to + the specified number of seconds. This should be set + if the authorization server returns opaque tokens. + passwordSecret: + type: object + properties: + secretName: + type: string + description: The name of the Secret containing the password. + password: + type: string + description: >- + The name of the key in the Secret under which + the password is stored. + required: + - secretName + - password + description: Reference to the `Secret` which holds the password. + readTimeoutSeconds: + type: integer + description: >- + The read timeout in seconds when connecting to + authorization server. 
If not set, the effective read + timeout is 60 seconds. + refreshToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the refresh + token which can be used to obtain access token from + the authorization server. + scope: + type: string + description: >- + OAuth scope to use when authenticating against the + authorization server. Some authorization servers + require this to be set. The possible values depend + on how authorization server is configured. By + default `scope` is not specified when doing the + token endpoint request. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + required: + - secretName + - certificate + description: >- + Trusted certificates for TLS connection to the OAuth + server. + tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - tls + - scram-sha-256 + - scram-sha-512 + - plain + - oauth + description: >- + Authentication type. Currently the supported types + are `tls`, `scram-sha-256`, `scram-sha-512`, + `plain`, and 'oauth'. `scram-sha-256` and + `scram-sha-512` types use SASL SCRAM-SHA-256 and + SASL SCRAM-SHA-512 Authentication, respectively. + `plain` type uses SASL PLAIN Authentication. `oauth` + type uses SASL OAUTHBEARER Authentication. The `tls` + type uses TLS Client Authentication. The `tls` type + is supported only over TLS connections. + username: + type: string + description: Username used for the authentication. 
+ required: + - type + description: >- + Authentication configuration for connecting to the + cluster. + tls: + type: object + properties: + trustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + required: + - secretName + - certificate + description: Trusted certificates for TLS connection. + description: >- + TLS configuration for connecting MirrorMaker to the + cluster. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The MirrorMaker consumer config. Properties with the + following prefixes cannot be set: ssl., + bootstrap.servers, group.id, sasl., security., + interceptor.classes (with the exception of: + ssl.endpoint.identification.algorithm, + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). + required: + - bootstrapServers + - groupId + description: Configuration of source cluster. + producer: + type: object + properties: + bootstrapServers: + type: string + description: >- + A list of host:port pairs for establishing the initial + connection to the Kafka cluster. + abortOnSendFailure: + type: boolean + description: >- + Flag to set the MirrorMaker to exit on a failed send. + Default value is `true`. + authentication: + type: object + properties: + accessToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the access + token which was obtained from the authorization + server. + accessTokenIsJwt: + type: boolean + description: >- + Configure whether access token should be treated as + JWT. 
This should be set to `false` if the + authorization server returns opaque tokens. Defaults + to `true`. + audience: + type: string + description: >- + OAuth audience to use when authenticating against + the authorization server. Some authorization servers + require the audience to be explicitly set. The + possible values depend on how the authorization + server is configured. By default, `audience` is not + specified when performing the token endpoint + request. + certificateAndKey: + type: object + properties: + key: + type: string + description: The name of the private key in the Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: The name of the file certificate in the Secret. + required: + - key + - secretName + - certificate + description: >- + Reference to the `Secret` which holds the + certificate and private key pair. + clientId: + type: string + description: >- + OAuth Client ID which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + clientSecret: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the OAuth + client secret which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + connectTimeoutSeconds: + type: integer + description: >- + The connect timeout in seconds when connecting to + authorization server. If not set, the effective + connect timeout is 60 seconds. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. Default + value is `false`. 
+ enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. Default value is + `false`. + httpRetries: + type: integer + description: >- + The maximum number of retries to attempt if an + initial HTTP request fails. If not set, the default + is to not attempt any retries. + httpRetryPauseMs: + type: integer + description: >- + The pause to take before retrying a failed HTTP + request. If not set, the default is to not pause at + all but to immediately repeat a request. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests + to the authorization servers. The default value is + `true`. + maxTokenExpirySeconds: + type: integer + description: >- + Set or limit time-to-live of the access tokens to + the specified number of seconds. This should be set + if the authorization server returns opaque tokens. + passwordSecret: + type: object + properties: + secretName: + type: string + description: The name of the Secret containing the password. + password: + type: string + description: >- + The name of the key in the Secret under which + the password is stored. + required: + - secretName + - password + description: Reference to the `Secret` which holds the password. + readTimeoutSeconds: + type: integer + description: >- + The read timeout in seconds when connecting to + authorization server. If not set, the effective read + timeout is 60 seconds. + refreshToken: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is stored + in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret containing the + secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the refresh + token which can be used to obtain access token from + the authorization server. 
+ scope: + type: string + description: >- + OAuth scope to use when authenticating against the + authorization server. Some authorization servers + require this to be set. The possible values depend + on how authorization server is configured. By + default `scope` is not specified when doing the + token endpoint request. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + required: + - secretName + - certificate + description: >- + Trusted certificates for TLS connection to the OAuth + server. + tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - tls + - scram-sha-256 + - scram-sha-512 + - plain + - oauth + description: >- + Authentication type. Currently the supported types + are `tls`, `scram-sha-256`, `scram-sha-512`, + `plain`, and 'oauth'. `scram-sha-256` and + `scram-sha-512` types use SASL SCRAM-SHA-256 and + SASL SCRAM-SHA-512 Authentication, respectively. + `plain` type uses SASL PLAIN Authentication. `oauth` + type uses SASL OAUTHBEARER Authentication. The `tls` + type uses TLS Client Authentication. The `tls` type + is supported only over TLS connections. + username: + type: string + description: Username used for the authentication. + required: + - type + description: >- + Authentication configuration for connecting to the + cluster. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The MirrorMaker producer config. Properties with the + following prefixes cannot be set: ssl., + bootstrap.servers, sasl., security., interceptor.classes + (with the exception of: + ssl.endpoint.identification.algorithm, + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). 
+ tls: + type: object + properties: + trustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + required: + - secretName + - certificate + description: Trusted certificates for TLS connection. + description: >- + TLS configuration for connecting MirrorMaker to the + cluster. + required: + - bootstrapServers + description: Configuration of target cluster. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + whitelist: + type: string + description: >- + List of topics which are included for mirroring. This option + allows any regular expression using Java-style regular + expressions. Mirroring two topics named A and B is achieved + by using the expression `A\|B`. Or, as a special case, you + can mirror all topics using the regular expression `*`. You + can also specify multiple regular expressions separated by + commas. + include: + type: string + description: >- + List of topics which are included for mirroring. This option + allows any regular expression using Java-style regular + expressions. Mirroring two topics named A and B is achieved + by using the expression `A\|B`. 
Or, as a special case, you + can mirror all topics using the regular expression `*`. You + can also specify multiple regular expressions separated by + commas. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for pods. + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration for MirrorMaker. + metricsConfig: + type: object + properties: + type: + type: string + enum: + - jmxPrometheusExporter + description: >- + Metrics type. Only 'jmxPrometheusExporter' supported + currently. 
+ valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing the + configuration. + description: >- + ConfigMap entry where the Prometheus JMX Exporter + configuration is stored. + required: + - type + - valueFrom + description: Metrics configuration. + tracing: + type: object + properties: + type: + type: string + enum: + - jaeger + - opentelemetry + description: >- + Type of the tracing used. Currently the only supported + type is `opentelemetry` for OpenTelemetry tracing. As of + Strimzi 0.37.0, `jaeger` type is not supported anymore + and this option is ignored. + required: + - type + description: The configuration of tracing in Kafka MirrorMaker. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Kafka MirrorMaker `Deployment`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. 
+ imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same namespace + to use for pulling any of the images used by this + Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` + environment variable in Cluster Operator and the + `imagePullSecrets` option are specified, only the + `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and common + container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds after + the processes running in the pod are sent a + termination signal, and the time when the processes + are forcibly halted with a kill signal. Set this + value to longer than the expected cleanup time for + your process. Value must be a non-negative integer. + A zero value indicates delete immediately. You might + need to increase the grace period for very large + Kafka clusters, so that the Kafka brokers have + enough time to transfer their work to another broker + before they are terminated. 
Defaults to 30 seconds. + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + 
type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + 
requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. 
+ schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler will + be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an optional + list of hosts and IPs that will be injected into the + Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services should + be injected into Pod's environment variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir volume + (`/tmp`). Default value is `5Mi`. + description: Template for Kafka MirrorMaker `Pods`. + podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: >- + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is allowed + when the `maxUnavailable` number of pods or fewer + are unavailable after the eviction. Setting this + value to 0 prevents all voluntary evictions, so the + pods must be evicted manually. Defaults to 1. + description: Template for Kafka MirrorMaker `PodDisruptionBudget`. + mirrorMakerContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. 
+ value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to the + container. + securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for Kafka MirrorMaker container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: Annotations added to the Kubernetes resource. + description: Metadata applied to the resource. + description: Template for the Kafka MirrorMaker service account. + description: >- + Template to specify how Kafka MirrorMaker resources, + `Deployments` and `Pods`, are generated. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. 
+ timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default to + 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to + 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. + Minimum value is 1. + description: Pod readiness checking. + oneOf: + - properties: + include: {} + required: + - include + - properties: + whitelist: {} + required: + - whitelist + required: + - replicas + - consumer + - producer + description: The specification of Kafka MirrorMaker. 
+ status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + labelSelector: + type: string + description: Label selector for pods providing this resource. + replicas: + type: integer + description: >- + The current number of pods being used to provide this + resource. + description: The status of Kafka MirrorMaker. 
+ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi + namespace: xxxxxx +spec: + replicas: 1 + selector: + matchLabels: + name: strimzi-cluster-operator + strimzi.io/kind: cluster-operator + template: + metadata: + labels: + name: strimzi-cluster-operator + strimzi.io/kind: cluster-operator + spec: + serviceAccountName: strimzi-cluster-operator + volumes: + - name: strimzi-tmp + emptyDir: + medium: Memory + sizeLimit: 1Mi + - name: co-config-volume + configMap: + name: strimzi-cluster-operator + containers: + - name: strimzi-cluster-operator + image: 'quay.io/strimzi/operator:0.41.0' + ports: + - containerPort: 8080 + name: http + args: + - /opt/strimzi/bin/cluster_operator_run.sh + volumeMounts: + - name: strimzi-tmp + mountPath: /tmp + - name: co-config-volume + mountPath: /opt/strimzi/custom-config/ + env: + - name: STRIMZI_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS + value: '120000' + - name: STRIMZI_OPERATION_TIMEOUT_MS + value: '300000' + - name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE + value: 'quay.io/strimzi/kafka:0.41.0-kafka-3.7.0' + - name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE + value: 'quay.io/strimzi/kafka:0.41.0-kafka-3.7.0' + - name: STRIMZI_KAFKA_IMAGES + value: | + 3.6.0=quay.io/strimzi/kafka:0.41.0-kafka-3.6.0 + 3.6.1=quay.io/strimzi/kafka:0.41.0-kafka-3.6.1 + 3.6.2=quay.io/strimzi/kafka:0.41.0-kafka-3.6.2 + 3.7.0=quay.io/strimzi/kafka:0.41.0-kafka-3.7.0 + - name: STRIMZI_KAFKA_CONNECT_IMAGES + value: | + 3.6.0=quay.io/strimzi/kafka:0.41.0-kafka-3.6.0 + 3.6.1=quay.io/strimzi/kafka:0.41.0-kafka-3.6.1 + 3.6.2=quay.io/strimzi/kafka:0.41.0-kafka-3.6.2 + 3.7.0=quay.io/strimzi/kafka:0.41.0-kafka-3.7.0 + - name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES + value: | + 3.6.0=quay.io/strimzi/kafka:0.41.0-kafka-3.6.0 + 3.6.1=quay.io/strimzi/kafka:0.41.0-kafka-3.6.1 + 3.6.2=quay.io/strimzi/kafka:0.41.0-kafka-3.6.2 + 
3.7.0=quay.io/strimzi/kafka:0.41.0-kafka-3.7.0 + - name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES + value: | + 3.6.0=quay.io/strimzi/kafka:0.41.0-kafka-3.6.0 + 3.6.1=quay.io/strimzi/kafka:0.41.0-kafka-3.6.1 + 3.6.2=quay.io/strimzi/kafka:0.41.0-kafka-3.6.2 + 3.7.0=quay.io/strimzi/kafka:0.41.0-kafka-3.7.0 + - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE + value: 'quay.io/strimzi/operator:0.41.0' + - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE + value: 'quay.io/strimzi/operator:0.41.0' + - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE + value: 'quay.io/strimzi/operator:0.41.0' + - name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE + value: 'quay.io/strimzi/kafka-bridge:0.28.0' + - name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE + value: 'quay.io/strimzi/kaniko-executor:0.41.0' + - name: STRIMZI_DEFAULT_MAVEN_BUILDER + value: 'quay.io/strimzi/maven-builder:0.41.0' + - name: STRIMZI_OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: STRIMZI_FEATURE_GATES + value: '' + - name: STRIMZI_LEADER_ELECTION_ENABLED + value: 'true' + - name: STRIMZI_LEADER_ELECTION_LEASE_NAME + value: strimzi-cluster-operator + - name: STRIMZI_LEADER_ELECTION_LEASE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: STRIMZI_LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + fieldPath: metadata.name + livenessProbe: + httpGet: + path: /healthy + port: http + initialDelaySeconds: 10 + periodSeconds: 30 + readinessProbe: + httpGet: + path: /ready + port: http + initialDelaySeconds: 10 + periodSeconds: 30 + resources: + limits: + cpu: 1000m + memory: 384Mi + requests: + cpu: 200m + memory: 384Mi + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkaconnectors.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaConnector + listKind: KafkaConnectorList + singular: kafkaconnector + plural: kafkaconnectors + shortNames: + - kctr + categories: + - 
strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + scale: + specReplicasPath: .spec.tasksMax + statusReplicasPath: .status.tasksMax + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka Connect cluster this connector belongs to + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: Connector class + description: The class used by this connector + jsonPath: .spec.class + type: string + - name: Max Tasks + description: Maximum number of tasks + jsonPath: .spec.tasksMax + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + class: + type: string + description: The Class for the Kafka Connector. + tasksMax: + type: integer + minimum: 1 + description: The maximum number of tasks for the Kafka Connector. + autoRestart: + type: object + properties: + enabled: + type: boolean + description: >- + Whether automatic restart for failed connectors and + tasks should be enabled or disabled. 
+ maxRestarts: + type: integer + description: >- + The maximum number of connector restarts that the + operator will try. If the connector remains in a failed + state after reaching this limit, it must be restarted + manually by the user. Defaults to an unlimited number of + restarts. + description: Automatic restart of connector and tasks configuration. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Kafka Connector configuration. The following properties + cannot be set: connector.class, tasks.max. + pause: + type: boolean + description: Whether the connector should be paused. Defaults to false. + state: + type: string + enum: + - paused + - stopped + - running + description: The state the connector should be in. Defaults to running. + description: The specification of the Kafka Connector. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + autoRestart: + type: object + properties: + count: + type: integer + description: The number of times the connector or task is restarted. 
+ connectorName: + type: string + description: The name of the connector being restarted. + lastRestartTimestamp: + type: string + description: >- + The last time the automatic restart was attempted. The + required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC + time zone. + description: The auto restart status. + connectorStatus: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The connector status, as reported by the Kafka Connect REST + API. + tasksMax: + type: integer + description: The maximum number of tasks for the Kafka Connector. + topics: + type: array + items: + type: string + description: The list of topics used by the Kafka Connector. + description: The status of the Kafka Connector. + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-cluster-operator-global + labels: + app: strimzi +rules: + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - apiGroups: + - '' + resources: + - nodes + verbs: + - list + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkarebalances.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: KafkaRebalance + listKind: KafkaRebalanceList + singular: kafkarebalance + plural: kafkarebalances + shortNames: + - kr + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Cluster + description: The name of the Kafka cluster this resource rebalances + jsonPath: .metadata.labels.strimzi\.io/cluster + type: string + - name: PendingProposal + description: A proposal has been requested from Cruise Control + jsonPath: 
'.status.conditions[?(@.type=="PendingProposal")].status' + type: string + - name: ProposalReady + description: A proposal is ready and waiting for approval + jsonPath: '.status.conditions[?(@.type=="ProposalReady")].status' + type: string + - name: Rebalancing + description: Cruise Control is doing the rebalance + jsonPath: '.status.conditions[?(@.type=="Rebalancing")].status' + type: string + - name: Ready + description: The rebalance is complete + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + - name: NotReady + description: There is an error on the custom resource + jsonPath: '.status.conditions[?(@.type=="NotReady")].status' + type: string + - name: Stopped + description: Processing the proposal or running rebalancing was stopped + jsonPath: '.status.conditions[?(@.type=="Stopped")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + mode: + type: string + enum: + - full + - add-brokers + - remove-brokers + description: > + Mode to run the rebalancing. The supported modes are `full`, + `add-brokers`, `remove-brokers`. + + If not specified, the `full` mode is used by default. + + + * `full` mode runs the rebalancing across all the brokers in + the cluster. 
+ + * `add-brokers` mode can be used after scaling up the + cluster to move some replicas to the newly added brokers. + + * `remove-brokers` mode can be used before scaling down the + cluster to move replicas out of the brokers to be removed. + brokers: + type: array + items: + type: integer + description: >- + The list of newly added brokers in case of scaling up or the + ones to be removed in case of scaling down to use for + rebalancing. This list can be used only with rebalancing + mode `add-brokers` and `removed-brokers`. It is ignored with + `full` mode. + goals: + type: array + items: + type: string + description: >- + A list of goals, ordered by decreasing priority, to use for + generating and executing the rebalance proposal. The + supported goals are available at + https://github.com/linkedin/cruise-control#goals. If an + empty goals list is provided, the goals declared in the + default.goals Cruise Control configuration parameter are + used. + skipHardGoalCheck: + type: boolean + description: >- + Whether to allow the hard goals specified in the Kafka CR to + be skipped in optimization proposal generation. This can be + useful when some of those hard goals are preventing a + balance solution being found. Default is false. + rebalanceDisk: + type: boolean + description: >- + Enables intra-broker disk balancing, which balances disk + space utilization between disks on the same broker. Only + applies to Kafka deployments that use JBOD storage with + multiple disks. When enabled, inter-broker balancing is + disabled. Default is false. + excludedTopics: + type: string + description: >- + A regular expression where any matching topics will be + excluded from the calculation of optimization proposals. + This expression will be parsed by the + java.util.regex.Pattern class; for more information on the + supported format consult the documentation for that class. 
+ concurrentPartitionMovementsPerBroker: + type: integer + minimum: 0 + description: >- + The upper bound of ongoing partition replica movements going + into/out of each broker. Default is 5. + concurrentIntraBrokerPartitionMovements: + type: integer + minimum: 0 + description: >- + The upper bound of ongoing partition replica movements + between disks within each broker. Default is 2. + concurrentLeaderMovements: + type: integer + minimum: 0 + description: >- + The upper bound of ongoing partition leadership movements. + Default is 1000. + replicationThrottle: + type: integer + minimum: 0 + description: >- + The upper bound, in bytes per second, on the bandwidth used + to move replicas. There is no limit by default. + replicaMovementStrategies: + type: array + items: + type: string + description: >- + A list of strategy class names used to determine the + execution order for the replica movements in the generated + optimization proposal. By default + BaseReplicaMovementStrategy is used, which will execute the + replica movements in the order that they were generated. + description: The specification of the Kafka rebalance. + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. 
+ observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + sessionId: + type: string + description: >- + The session identifier for requests to Cruise Control + pertaining to this KafkaRebalance resource. This is used by + the Kafka Rebalance operator to track the status of ongoing + rebalancing operations. + optimizationResult: + x-kubernetes-preserve-unknown-fields: true + type: object + description: A JSON object describing the optimization result. + description: The status of the Kafka rebalance. + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: strimzi-cluster-operator + labels: + app: strimzi + namespace: xxxxxx +data: + log4j2.properties: > + name = COConfig + + monitorInterval = 30 + + + appender.console.type = Console + + appender.console.name = STDOUT + + appender.console.layout.type = PatternLayout + + appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - + %m%n + + + rootLogger.level = ${env:STRIMZI_LOG_LEVEL:-INFO} + + rootLogger.appenderRefs = stdout + + rootLogger.appenderRef.console.ref = STDOUT + + + # Kafka AdminClient logging is a bit noisy at INFO level + + logger.kafka.name = org.apache.kafka + + logger.kafka.level = WARN + + + # Zookeeper is very verbose even on INFO level -> We set it to WARN by + default + + logger.zookeepertrustmanager.name = org.apache.zookeeper + + logger.zookeepertrustmanager.level = WARN + + + # Keeps separate level for Netty logging -> to not be changed by the root + logger + + logger.netty.name = io.netty + + logger.netty.level = INFO + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkas.kafka.strimzi.io + labels: + app: strimzi + strimzi.io/crd-install: 'true' +spec: + group: kafka.strimzi.io + names: + kind: Kafka + listKind: KafkaList + singular: kafka + plural: kafkas + shortNames: + - k + categories: + - strimzi + scope: Namespaced + conversion: + strategy: None + 
versions: + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Desired Kafka replicas + description: The desired number of Kafka replicas in the cluster + jsonPath: .spec.kafka.replicas + type: integer + - name: Desired ZK replicas + description: The desired number of ZooKeeper replicas in the cluster + jsonPath: .spec.zookeeper.replicas + type: integer + - name: Ready + description: The state of the custom resource + jsonPath: '.status.conditions[?(@.type=="Ready")].status' + type: string + - name: Metadata State + description: The state of the cluster metadata + jsonPath: .status.kafkaMetadataState + type: string + - name: Warnings + description: Warnings related to the custom resource + jsonPath: '.status.conditions[?(@.type=="Warning")].status' + type: string + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: >- + APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind: + type: string + description: >- + Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata: + type: object + spec: + type: object + properties: + kafka: + type: object + properties: + version: + type: string + description: >- + The Kafka broker version. Defaults to the latest + version. Consult the user documentation to understand + the process required to upgrade or downgrade the + version. 
+ metadataVersion: + type: string + description: >- + The KRaft metadata version used by the Kafka cluster. + This property is ignored when running in ZooKeeper mode. + If the property is not set, it defaults to the metadata + version that corresponds to the `version` property. + replicas: + type: integer + minimum: 1 + description: >- + The number of pods in the cluster. This property is + required when node pools are not used. + image: + type: string + description: >- + The container image used for Kafka pods. If the property + is not set, the default Kafka image version is + determined based on the `version` configuration. The + image names are specifically mapped to corresponding + versions in the Cluster Operator configuration. Changing + the Kafka image version does not automatically update + the image versions for other components, such as Kafka + Exporter. + listeners: + type: array + minItems: 1 + items: + type: object + properties: + name: + type: string + pattern: '^[a-z0-9]{1,11}$' + description: >- + Name of the listener. The name will be used to + identify the listener and the related Kubernetes + objects. The name has to be unique within given a + Kafka cluster. The name can consist of lowercase + characters and numbers and be up to 11 characters + long. + port: + type: integer + minimum: 9092 + description: >- + Port number used by the listener inside Kafka. The + port number has to be unique within a given Kafka + cluster. Allowed port numbers are 9092 and higher + with the exception of ports 9404 and 9999, which + are already used for Prometheus and JMX. Depending + on the listener type, the port number might not be + the same as the port number that connects Kafka + clients. + type: + type: string + enum: + - internal + - route + - loadbalancer + - nodeport + - ingress + - cluster-ip + description: > + Type of the listener. The supported types are as + follows: + + + * `internal` type exposes Kafka internally only + within the Kubernetes cluster. 
+ + * `route` type uses OpenShift Routes to expose + Kafka. + + * `loadbalancer` type uses LoadBalancer type + services to expose Kafka. + + * `nodeport` type uses NodePort type services to + expose Kafka. + + * `ingress` type uses Kubernetes Nginx Ingress to + expose Kafka with TLS passthrough. + + * `cluster-ip` type uses a per-broker `ClusterIP` + service. + tls: + type: boolean + description: >- + Enables TLS encryption on the listener. This is a + required property. + authentication: + type: object + properties: + accessTokenIsJwt: + type: boolean + description: >- + Configure whether the access token is treated + as JWT. This must be set to `false` if the + authorization server returns opaque tokens. + Defaults to `true`. + checkAccessTokenType: + type: boolean + description: >- + Configure whether the access token type check + is performed or not. This should be set to + `false` if the authorization server does not + include 'typ' claim in JWT token. Defaults to + `true`. + checkAudience: + type: boolean + description: >- + Enable or disable audience checking. Audience + checks identify the recipients of tokens. If + audience checking is enabled, the OAuth Client + ID also has to be configured using the + `clientId` property. The Kafka broker will + reject tokens that do not have its `clientId` + in their `aud` (audience) claim.Default value + is `false`. + checkIssuer: + type: boolean + description: >- + Enable or disable issuer checking. By default + issuer is checked using the value configured + by `validIssuerUri`. Default value is `true`. + clientAudience: + type: string + description: >- + The audience to use when making requests to + the authorization server's token endpoint. + Used for inter-broker authentication and for + configuring OAuth 2.0 over PLAIN using the + `clientId` and `secret` method. 
+ clientId: + type: string + description: >- + OAuth Client ID which the Kafka broker can use + to authenticate against the authorization + server and use the introspect endpoint URI. + clientScope: + type: string + description: >- + The scope to use when making requests to the + authorization server's token endpoint. Used + for inter-broker authentication and for + configuring OAuth 2.0 over PLAIN using the + `clientId` and `secret` method. + clientSecret: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is + stored in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret + containing the secret value. + required: + - key + - secretName + description: >- + Link to Kubernetes Secret containing the OAuth + client secret which the Kafka broker can use + to authenticate against the authorization + server and use the introspect endpoint URI. + connectTimeoutSeconds: + type: integer + description: >- + The connect timeout in seconds when connecting + to authorization server. If not set, the + effective connect timeout is 60 seconds. + customClaimCheck: + type: string + description: >- + JsonPath filter query to be applied to the JWT + token or to the response of the introspection + endpoint for additional token validation. Not + set by default. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. + Default value is `false`. + enableECDSA: + type: boolean + description: >- + Enable or disable ECDSA support by installing + BouncyCastle crypto provider. ECDSA support is + always enabled. The BouncyCastle libraries are + no longer packaged with Strimzi. Value is + ignored. + enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. Default value + is `false`. + enableOauthBearer: + type: boolean + description: >- + Enable or disable OAuth authentication over + SASL_OAUTHBEARER. 
Default value is `true`. + enablePlain: + type: boolean + description: >- + Enable or disable OAuth authentication over + SASL_PLAIN. There is no re-authentication + support when this mechanism is used. Default + value is `false`. + failFast: + type: boolean + description: >- + Enable or disable termination of Kafka broker + processes due to potentially recoverable + runtime errors during startup. Default value + is `true`. + fallbackUserNameClaim: + type: string + description: >- + The fallback username claim to be used for the + user id if the claim specified by + `userNameClaim` is not present. This is useful + when `client_credentials` authentication only + results in the client id being provided in + another claim. It only takes effect if + `userNameClaim` is set. + fallbackUserNamePrefix: + type: string + description: >- + The prefix to use with the value of + `fallbackUserNameClaim` to construct the user + id. This only takes effect if + `fallbackUserNameClaim` is true, and the value + is present for the claim. Mapping usernames + and client ids into the same user id space is + useful in preventing name collisions. + groupsClaim: + type: string + description: >- + JsonPath query used to extract groups for the + user during authentication. Extracted groups + can be used by a custom authorizer. By default + no groups are extracted. + groupsClaimDelimiter: + type: string + description: >- + A delimiter used to parse groups when they are + extracted as a single String value rather than + a JSON array. Default value is ',' (comma). + httpRetries: + type: integer + description: >- + The maximum number of retries to attempt if an + initial HTTP request fails. If not set, the + default is to not attempt any retries. + httpRetryPauseMs: + type: integer + description: >- + The pause to take before retrying a failed + HTTP request. If not set, the default is to + not pause at all but to immediately repeat a + request. 
+ includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in + requests to the authorization servers. The + default value is `true`. + introspectionEndpointUri: + type: string + description: >- + URI of the token introspection endpoint which + can be used to validate opaque non-JWT tokens. + jwksEndpointUri: + type: string + description: >- + URI of the JWKS certificate endpoint, which + can be used for local JWT validation. + jwksExpirySeconds: + type: integer + minimum: 1 + description: >- + Configures how often are the JWKS certificates + considered valid. The expiry interval has to + be at least 60 seconds longer then the refresh + interval specified in `jwksRefreshSeconds`. + Defaults to 360 seconds. + jwksIgnoreKeyUse: + type: boolean + description: >- + Flag to ignore the 'use' attribute of `key` + declarations in a JWKS endpoint response. + Default value is `false`. + jwksMinRefreshPauseSeconds: + type: integer + minimum: 0 + description: >- + The minimum pause between two consecutive + refreshes. When an unknown signing key is + encountered the refresh is scheduled + immediately, but will always wait for this + minimum pause. Defaults to 1 second. + jwksRefreshSeconds: + type: integer + minimum: 1 + description: >- + Configures how often are the JWKS certificates + refreshed. The refresh interval has to be at + least 60 seconds shorter then the expiry + interval specified in `jwksExpirySeconds`. + Defaults to 300 seconds. + listenerConfig: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Configuration to be used for a specific + listener. All values are prefixed with + listener.name.__. + maxSecondsWithoutReauthentication: + type: integer + description: >- + Maximum number of seconds the authenticated + session remains valid without + re-authentication. This enables Apache Kafka + re-authentication feature, and causes sessions + to expire when the access token expires. 
If + the access token expires before max time or if + max time is reached, the client has to + re-authenticate, otherwise the server will + drop the connection. Not set by default - the + authenticated session does not expire when the + access token expires. This option only applies + to SASL_OAUTHBEARER authentication mechanism + (when `enableOauthBearer` is `true`). + readTimeoutSeconds: + type: integer + description: >- + The read timeout in seconds when connecting to + authorization server. If not set, the + effective read timeout is 60 seconds. + sasl: + type: boolean + description: Enable or disable SASL on this listener. + secrets: + type: array + items: + type: object + properties: + key: + type: string + description: >- + The key under which the secret value is + stored in the Kubernetes Secret. + secretName: + type: string + description: >- + The name of the Kubernetes Secret + containing the secret value. + required: + - key + - secretName + description: >- + Secrets to be mounted to + /opt/kafka/custom-authn-secrets/custom-listener-_-_/__. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. + required: + - secretName + - certificate + description: >- + Trusted certificates for TLS connection to the + OAuth server. + tokenEndpointUri: + type: string + description: >- + URI of the Token Endpoint to use with + SASL_PLAIN mechanism when the client + authenticates with `clientId` and a `secret`. + If set, the client can authenticate over + SASL_PLAIN by either setting `username` to + `clientId`, and setting `password` to client + `secret`, or by setting `username` to account + username, and `password` to access token + prefixed with `$accessToken:`. 
If this option + is not set, the `password` is always + interpreted as an access token (without a + prefix), and `username` as the account + username (a so called 'no-client-credentials' + mode). + type: + type: string + enum: + - tls + - scram-sha-512 + - oauth + - custom + description: >- + Authentication type. `oauth` type uses SASL + OAUTHBEARER Authentication. `scram-sha-512` + type uses SASL SCRAM-SHA-512 Authentication. + `tls` type uses TLS Client Authentication. + `tls` type is supported only on TLS + listeners.`custom` type allows for any + authentication type to be used. + userInfoEndpointUri: + type: string + description: >- + URI of the User Info Endpoint to use as a + fallback to obtaining the user id when the + Introspection Endpoint does not return + information that can be used for the user id. + userNameClaim: + type: string + description: >- + Name of the claim from the JWT authentication + token, Introspection Endpoint response or User + Info Endpoint response which will be used to + extract the user id. Defaults to `sub`. + validIssuerUri: + type: string + description: >- + URI of the token issuer used for + authentication. + validTokenType: + type: string + description: >- + Valid value for the `token_type` attribute + returned by the Introspection Endpoint. No + default value, and not checked by default. + required: + - type + description: Authentication configuration for this listener. + configuration: + type: object + properties: + brokerCertChainAndKey: + type: object + properties: + key: + type: string + description: The name of the private key in the Secret. + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. 
+ required: + - key + - secretName + - certificate + description: >- + Reference to the `Secret` which holds the + certificate and private key pair which will be + used for this listener. The certificate can + optionally contain the whole chain. This field + can be used only with listeners with enabled + TLS encryption. + class: + type: string + description: >- + Configures a specific class for `Ingress` and + `LoadBalancer` that defines which controller + will be used. This field can only be used with + `ingress` and `loadbalancer` type listeners. + If not specified, the default controller is + used. For an `ingress` listener, set the + `ingressClassName` property in the `Ingress` + resources. For a `loadbalancer` listener, set + the `loadBalancerClass` property in the + `Service` resources. + externalTrafficPolicy: + type: string + enum: + - Local + - Cluster + description: >- + Specifies whether the service routes external + traffic to node-local or cluster-wide + endpoints. `Cluster` may cause a second hop to + another node and obscures the client source + IP. `Local` avoids a second hop for + LoadBalancer and Nodeport type services and + preserves the client source IP (when supported + by the infrastructure). If unspecified, + Kubernetes will use `Cluster` as the + default.This field can be used only with + `loadbalancer` or `nodeport` type listener. + loadBalancerSourceRanges: + type: array + items: + type: string + description: >- + A list of CIDR ranges (for example + `10.0.0.0/8` or `130.211.204.1/32`) from which + clients can connect to load balancer type + listeners. If supported by the platform, + traffic through the loadbalancer is restricted + to the specified CIDR ranges. This field is + applicable only for loadbalancer type services + and is ignored if the cloud provider does not + support the feature. This field can be used + only with `loadbalancer` type listener. 
+ bootstrap: + type: object + properties: + alternativeNames: + type: array + items: + type: string + description: >- + Additional alternative names for the + bootstrap service. The alternative names + will be added to the list of subject + alternative names of the TLS certificates. + host: + type: string + description: >- + The bootstrap host. This field will be + used in the Ingress resource or in the + Route resource to specify the desired + hostname. This field can be used only with + `route` (optional) or `ingress` (required) + type listeners. + nodePort: + type: integer + description: >- + Node port for the bootstrap service. This + field can be used only with `nodeport` + type listener. + loadBalancerIP: + type: string + description: >- + The loadbalancer is requested with the IP + address specified in this field. This + feature depends on whether the underlying + cloud provider supports specifying the + `loadBalancerIP` when a load balancer is + created. This field is ignored if the + cloud provider does not support the + feature.This field can be used only with + `loadbalancer` type listener. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations that will be added to the + `Ingress`, `Route`, or `Service` resource. + You can use this field to configure DNS + providers such as External DNS. This field + can be used only with `loadbalancer`, + `nodeport`, `route`, or `ingress` type + listeners. + labels: + additionalProperties: + type: string + type: object + description: >- + Labels that will be added to the + `Ingress`, `Route`, or `Service` resource. + This field can be used only with + `loadbalancer`, `nodeport`, `route`, or + `ingress` type listeners. + externalIPs: + type: array + items: + type: string + description: >- + External IPs associated to the nodeport + service. These IPs are used by clients + external to the Kubernetes cluster to + access the Kafka brokers. 
This field is + helpful when `nodeport` without + `externalIP` is not sufficient. For + example on bare-metal Kubernetes clusters + that do not support Loadbalancer service + types. This field can only be used with + `nodeport` type listener. + description: Bootstrap configuration. + brokers: + type: array + items: + type: object + properties: + broker: + type: integer + description: >- + ID of the kafka broker (broker + identifier). Broker IDs start from 0 and + correspond to the number of broker + replicas. + advertisedHost: + type: string + description: >- + The host name used in the brokers' + `advertised.listeners`. + advertisedPort: + type: integer + description: >- + The port number used in the brokers' + `advertised.listeners`. + host: + type: string + description: >- + The broker host. This field will be used + in the Ingress resource or in the Route + resource to specify the desired + hostname. This field can be used only + with `route` (optional) or `ingress` + (required) type listeners. + nodePort: + type: integer + description: >- + Node port for the per-broker service. + This field can be used only with + `nodeport` type listener. + loadBalancerIP: + type: string + description: >- + The loadbalancer is requested with the + IP address specified in this field. This + feature depends on whether the + underlying cloud provider supports + specifying the `loadBalancerIP` when a + load balancer is created. This field is + ignored if the cloud provider does not + support the feature.This field can be + used only with `loadbalancer` type + listener. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations that will be added to the + `Ingress` or `Service` resource. You can + use this field to configure DNS + providers such as External DNS. This + field can be used only with + `loadbalancer`, `nodeport`, or `ingress` + type listeners. 
+ labels: + additionalProperties: + type: string + type: object + description: >- + Labels that will be added to the + `Ingress`, `Route`, or `Service` + resource. This field can be used only + with `loadbalancer`, `nodeport`, + `route`, or `ingress` type listeners. + externalIPs: + type: array + items: + type: string + description: >- + External IPs associated to the nodeport + service. These IPs are used by clients + external to the Kubernetes cluster to + access the Kafka brokers. This field is + helpful when `nodeport` without + `externalIP` is not sufficient. For + example on bare-metal Kubernetes + clusters that do not support + Loadbalancer service types. This field + can only be used with `nodeport` type + listener. + required: + - broker + description: Per-broker configurations. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the + service. Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP + family on single-stack clusters. + `RequireDualStack` fails unless there are two + IP families on dual-stack configured clusters. + If unspecified, Kubernetes will choose the + default value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the + default value based on the `ipFamilyPolicy` + setting. + createBootstrapService: + type: boolean + description: >- + Whether to create the bootstrap service or + not. The bootstrap service is created by + default (if not specified differently). This + field can be used with the `loadBalancer` type + listener. 
+ finalizers: + type: array + items: + type: string + description: >- + A list of finalizers which will be configured + for the `LoadBalancer` type Services created + for this listener. If supported by the + platform, the finalizer + `service.kubernetes.io/load-balancer-cleanup` + to make sure that the external load balancer + is deleted together with the service.For more + information, see + https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. + This field can be used only with + `loadbalancer` type listeners. + useServiceDnsDomain: + type: boolean + description: >- + Configures whether the Kubernetes service DNS + domain should be used or not. If set to + `true`, the generated addresses will contain + the service DNS domain suffix (by default + `.cluster.local`, can be configured using + environment variable + `KUBERNETES_SERVICE_DNS_DOMAIN`). Defaults to + `false`.This field can be used only with + `internal` and `cluster-ip` type listeners. + maxConnections: + type: integer + description: >- + The maximum number of connections we allow for + this listener in the broker at any time. New + connections are blocked if the limit is + reached. + maxConnectionCreationRate: + type: integer + description: >- + The maximum connection creation rate we allow + in this listener at any time. New connections + will be throttled if the limit is reached. + preferredNodePortAddressType: + type: string + enum: + - ExternalIP + - ExternalDNS + - InternalIP + - InternalDNS + - Hostname + description: >- + Defines which address type should be used as + the node address. Available types are: + `ExternalDNS`, `ExternalIP`, `InternalDNS`, + `InternalIP` and `Hostname`. 
By default, the + addresses will be used in the following order + (the first one found will be used): + + + * `ExternalDNS` + + * `ExternalIP` + + * `InternalDNS` + + * `InternalIP` + + * `Hostname` + + + This field is used to select the preferred + address type, which is checked first. If no + address is found for this address type, the + other types are checked in the default order. + This field can only be used with `nodeport` + type listener. + description: Additional listener configuration. + networkPolicyPeers: + type: array + items: + type: object + properties: + ipBlock: + type: object + properties: + cidr: + type: string + except: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + description: >- + List of peers which should be able to connect to + this listener. Peers in this list are combined + using a logical OR operation. If this field is + empty or missing, all connections will be allowed + for this listener. If this field is present and + contains at least one item, the listener only + allows the traffic which matches at least one item + in this list. + required: + - name + - port + - type + - tls + description: Configures listeners of Kafka brokers. 
+ config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + Kafka broker config properties with the following + prefixes cannot be set: listeners, advertised., broker., + listener., host.name, port, inter.broker.listener.name, + sasl., ssl., security., password., log.dir, + zookeeper.connect, zookeeper.set.acl, zookeeper.ssl, + zookeeper.clientCnxnSocket, authorizer., super.user, + cruise.control.metrics.topic, + cruise.control.metrics.reporter.bootstrap.servers, + node.id, process.roles, controller., metadata.log.dir, + zookeeper.metadata.migration.enable (with the exception + of: zookeeper.connection.timeout.ms, + sasl.server.max.receive.size, ssl.cipher.suites, + ssl.protocol, ssl.enabled.protocols, + ssl.secure.random.implementation, + cruise.control.metrics.topic.num.partitions, + cruise.control.metrics.topic.replication.factor, + cruise.control.metrics.topic.retention.ms, + cruise.control.metrics.topic.auto.create.retries, + cruise.control.metrics.topic.auto.create.timeout.ms, + cruise.control.metrics.topic.min.insync.replicas, + controller.quorum.election.backoff.max.ms, + controller.quorum.election.timeout.ms, + controller.quorum.fetch.timeout.ms). + storage: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation. + deleteClaim: + type: boolean + description: >- + Specifies if the persistent volume claim has to be + deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: >- + Storage identification number. It is mandatory only + for storage volumes defined in a storage of type + 'jbod'. + kraftMetadata: + type: string + enum: + - shared + description: >- + Specifies whether this volume should be used for + storing KRaft metadata. This property is optional. + When set, the only currently supported value is + `shared`. At most one volume can have this property + set. 
+ overrides: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation for this broker. + broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: >- + Overrides for individual brokers. The `overrides` + field allows to specify a different configuration + for different brokers. + selector: + additionalProperties: + type: string + type: object + description: >- + Specifies a specific persistent volume to use. It + contains key:value pairs representing labels for + selecting such a volume. + size: + type: string + description: >- + When `type=persistent-claim`, defines the size of + the persistent volume claim, such as 100Gi. + Mandatory when `type=persistent-claim`. + sizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + When type=ephemeral, defines the total amount of + local storage required for this EmptyDir volume (for + example 1Gi). + type: + type: string + enum: + - ephemeral + - persistent-claim + - jbod + description: >- + Storage type, must be either 'ephemeral', + 'persistent-claim', or 'jbod'. + volumes: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation. + deleteClaim: + type: boolean + description: >- + Specifies if the persistent volume claim has + to be deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: >- + Storage identification number. Mandatory for + storage volumes defined with a `jbod` storage + type configuration. + kraftMetadata: + type: string + enum: + - shared + description: >- + Specifies whether this volume should be used + for storing KRaft metadata. This property is + optional. When set, the only currently + supported value is `shared`. At most one + volume can have this property set. 
+ overrides: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic + volume allocation for this broker. + broker: + type: integer + description: >- + Id of the kafka broker (broker + identifier). + description: >- + Overrides for individual brokers. The + `overrides` field allows to specify a + different configuration for different brokers. + selector: + additionalProperties: + type: string + type: object + description: >- + Specifies a specific persistent volume to use. + It contains key:value pairs representing + labels for selecting such a volume. + size: + type: string + description: >- + When `type=persistent-claim`, defines the size + of the persistent volume claim, such as 100Gi. + Mandatory when `type=persistent-claim`. + sizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + When type=ephemeral, defines the total amount + of local storage required for this EmptyDir + volume (for example 1Gi). + type: + type: string + enum: + - ephemeral + - persistent-claim + description: >- + Storage type, must be either 'ephemeral' or + 'persistent-claim'. + required: + - type + description: >- + List of volumes as Storage objects representing the + JBOD disks array. + required: + - type + description: >- + Storage configuration (disk). Cannot be updated. This + property is required when node pools are not used. + authorization: + type: object + properties: + allowOnError: + type: boolean + description: >- + Defines whether a Kafka client should be allowed or + denied by default when the authorizer fails to query + the Open Policy Agent, for example, when it is + temporarily unavailable). Defaults to `false` - all + actions will be denied. + authorizerClass: + type: string + description: >- + Authorization implementation class, which must be + available in classpath. 
+ clientId: + type: string + description: >- + OAuth Client ID which the Kafka client can use to + authenticate against the OAuth server and use the + token endpoint URI. + connectTimeoutSeconds: + type: integer + minimum: 1 + description: >- + The connect timeout in seconds when connecting to + authorization server. If not set, the effective + connect timeout is 60 seconds. + delegateToKafkaAcls: + type: boolean + description: >- + Whether authorization decision should be delegated + to the 'Simple' authorizer if DENIED by Keycloak + Authorization Services policies. Default value is + `false`. + disableTlsHostnameVerification: + type: boolean + description: >- + Enable or disable TLS hostname verification. Default + value is `false`. + enableMetrics: + type: boolean + description: >- + Enable or disable OAuth metrics. The default value + is `false`. + expireAfterMs: + type: integer + description: >- + The expiration of the records kept in the local + cache to avoid querying the Open Policy Agent for + every request. Defines how often the cached + authorization decisions are reloaded from the Open + Policy Agent server. In milliseconds. Defaults to + `3600000`. + grantsAlwaysLatest: + type: boolean + description: >- + Controls whether the latest grants are fetched for a + new session. When enabled, grants are retrieved from + Keycloak and cached for the user. The default value + is `false`. + grantsGcPeriodSeconds: + type: integer + minimum: 1 + description: >- + The time, in seconds, between consecutive runs of a + job that cleans stale grants from the cache. The + default value is 300. + grantsMaxIdleTimeSeconds: + type: integer + minimum: 1 + description: >- + The time, in seconds, after which an idle grant can + be evicted from the cache. The default value is 300. + grantsRefreshPeriodSeconds: + type: integer + minimum: 0 + description: >- + The time between two consecutive grants refresh runs + in seconds. The default value is 60. 
+ grantsRefreshPoolSize: + type: integer + minimum: 1 + description: >- + The number of threads to use to refresh grants for + active sessions. The more threads, the more + parallelism, so the sooner the job completes. + However, using more threads places a heavier load on + the authorization server. The default value is 5. + httpRetries: + type: integer + minimum: 0 + description: >- + The maximum number of retries to attempt if an + initial HTTP request fails. If not set, the default + is to not attempt any retries. + includeAcceptHeader: + type: boolean + description: >- + Whether the Accept header should be set in requests + to the authorization servers. The default value is + `true`. + initialCacheCapacity: + type: integer + description: >- + Initial capacity of the local cache used by the + authorizer to avoid querying the Open Policy Agent + for every request Defaults to `5000`. + maximumCacheSize: + type: integer + description: >- + Maximum capacity of the local cache used by the + authorizer to avoid querying the Open Policy Agent + for every request. Defaults to `50000`. + readTimeoutSeconds: + type: integer + minimum: 1 + description: >- + The read timeout in seconds when connecting to + authorization server. If not set, the effective read + timeout is 60 seconds. + superUsers: + type: array + items: + type: string + description: >- + List of super users, which are user principals with + unlimited access rights. + supportsAdminApi: + type: boolean + description: >- + Indicates whether the custom authorizer supports the + APIs for managing ACLs using the Kafka Admin API. + Defaults to `false`. + tlsTrustedCertificates: + type: array + items: + type: object + properties: + secretName: + type: string + description: >- + The name of the Secret containing the + certificate. + certificate: + type: string + description: >- + The name of the file certificate in the + Secret. 
+ required: + - secretName + - certificate + description: >- + Trusted certificates for TLS connection to the OAuth + server. + tokenEndpointUri: + type: string + description: Authorization server token endpoint URI. + type: + type: string + enum: + - simple + - opa + - keycloak + - custom + description: >- + Authorization type. Currently, the supported types + are `simple`, `keycloak`, `opa` and `custom`. + `simple` authorization type uses Kafka's built-in + authorizer for authorization. `keycloak` + authorization type uses Keycloak Authorization + Services for authorization. `opa` authorization type + uses Open Policy Agent based authorization.`custom` + authorization type uses user-provided implementation + for authorization. + url: + type: string + example: 'http://opa:8181/v1/data/kafka/authz/allow' + description: >- + The URL used to connect to the Open Policy Agent + server. The URL has to include the policy which will + be queried by the authorizer. This option is + required. + required: + - type + description: Authorization configuration for Kafka brokers. + rack: + type: object + properties: + topologyKey: + type: string + example: topology.kubernetes.io/zone + description: >- + A key that matches labels assigned to the Kubernetes + cluster nodes. The value of the label is used to set + a broker's `broker.rack` config, and the + `client.rack` config for Kafka Connect or + MirrorMaker 2. + required: + - topologyKey + description: Configuration of the `broker.rack` broker config. + brokerRackInitImage: + type: string + description: >- + The image of the init container used for initializing + the `broker.rack`. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. 
Default + to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + description: Pod readiness checking. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' 
+ '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for pods. + jmxOptions: + type: object + properties: + authentication: + type: object + properties: + type: + type: string + enum: + - password + description: >- + Authentication type. Currently the only + supported types are `password`.`password` type + creates a username and protected port with no + TLS. + required: + - type + description: >- + Authentication configuration for connecting to the + JMX port. + description: JMX Options for Kafka brokers. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + metricsConfig: + type: object + properties: + type: + type: string + enum: + - jmxPrometheusExporter + description: >- + Metrics type. Only 'jmxPrometheusExporter' supported + currently. 
+ valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing + the configuration. + description: >- + ConfigMap entry where the Prometheus JMX Exporter + configuration is stored. + required: + - type + - valueFrom + description: Metrics configuration. + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing + the configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration for Kafka. + template: + type: object + properties: + statefulset: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + podManagementPolicy: + type: string + enum: + - OrderedReady + - Parallel + description: >- + PodManagementPolicy which will be used for this + StatefulSet. Valid values are `Parallel` and + `OrderedReady`. Defaults to `Parallel`. + description: Template for Kafka `StatefulSet`. 
+ pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same + namespace to use for pulling any of the images + used by this Pod. When the + `STRIMZI_IMAGE_PULL_SECRETS` environment + variable in Cluster Operator and the + `imagePullSecrets` option are specified, only + the `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is + ignored. + securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and + common container settings. 
+ terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds + after the processes running in the pod are sent + a termination signal, and the time when the + processes are forcibly halted with a kill + signal. Set this value to longer than the + expected cleanup time for your process. Value + must be a non-negative integer. A zero value + indicates delete immediately. You might need to + increase the grace period for very large Kafka + clusters, so that the Kafka brokers have enough + time to transfer their work to another broker + before they are terminated. Defaults to 30 + seconds. + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + 
type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + 
type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. 
+ topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler + will be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + description: Template for Kafka `Pods`. + bootstrapService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the + service. Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP + family on single-stack clusters. + `RequireDualStack` fails unless there are two IP + families on dual-stack configured clusters. If + unspecified, Kubernetes will choose the default + value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Kafka bootstrap `Service`. + brokersService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the + service. Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP + family on single-stack clusters. 
+ `RequireDualStack` fails unless there are two IP + families on dual-stack configured clusters. If + unspecified, Kubernetes will choose the default + value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Kafka broker `Service`. + externalBootstrapService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for Kafka external bootstrap `Service`. + perPodService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: >- + Template for Kafka per-pod `Services` used for + access from outside of Kubernetes. + externalBootstrapRoute: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for Kafka external bootstrap `Route`. 
+ perPodRoute: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: >- + Template for Kafka per-pod `Routes` used for access + from outside of OpenShift. + externalBootstrapIngress: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for Kafka external bootstrap `Ingress`. + perPodIngress: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: >- + Template for Kafka per-pod `Ingress` used for access + from outside of Kubernetes. + persistentVolumeClaim: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for all Kafka `PersistentVolumeClaims`. 
+ podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: >- + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is + allowed when the `maxUnavailable` number of pods + or fewer are unavailable after the eviction. + Setting this value to 0 prevents all voluntary + evictions, so the pods must be evicted manually. + Defaults to 1. + description: Template for Kafka `PodDisruptionBudget`. + kafkaContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka broker container. + initContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka init container. + clusterCaCert: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: >- + Template for Secret with Kafka Cluster certificate + public key. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Kafka service account. 
+ jmxSecret: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: >- + Template for Secret of the Kafka Cluster JMX + authentication. + clusterRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Kafka ClusterRoleBinding. + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for Kafka `StrimziPodSet` resource. + description: >- + Template for Kafka cluster resources. The template + allows users to specify how the Kubernetes resources are + generated. + tieredStorage: + type: object + properties: + remoteStorageManager: + type: object + properties: + className: + type: string + description: >- + The class name for the `RemoteStorageManager` + implementation. + classPath: + type: string + description: >- + The class path for the `RemoteStorageManager` + implementation. 
+ config: + additionalProperties: + type: string + type: object + description: >- + The additional configuration map for the + `RemoteStorageManager` implementation. Keys will + be automatically prefixed with `rsm.config.`, + and added to Kafka broker configuration. + description: Configuration for the Remote Storage Manager. + type: + type: string + enum: + - custom + description: >- + Storage type, only 'custom' is supported at the + moment. + required: + - type + description: Configure the tiered storage feature for Kafka brokers. + required: + - listeners + description: Configuration of the Kafka cluster. + zookeeper: + type: object + properties: + replicas: + type: integer + minimum: 1 + description: The number of pods in the cluster. + image: + type: string + description: >- + The container image used for ZooKeeper pods. If no image + name is explicitly specified, it is determined based on + the Kafka version set in `spec.kafka.version`. The image + names are specifically mapped to corresponding versions + in the Cluster Operator configuration. + storage: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation. + deleteClaim: + type: boolean + description: >- + Specifies if the persistent volume claim has to be + deleted when the cluster is un-deployed. + id: + type: integer + minimum: 0 + description: >- + Storage identification number. Mandatory for storage + volumes defined with a `jbod` storage type + configuration. + kraftMetadata: + type: string + enum: + - shared + description: >- + Specifies whether this volume should be used for + storing KRaft metadata. This property is optional. + When set, the only currently supported value is + `shared`. At most one volume can have this property + set. + overrides: + type: array + items: + type: object + properties: + class: + type: string + description: >- + The storage class to use for dynamic volume + allocation for this broker. 
+ broker: + type: integer + description: Id of the kafka broker (broker identifier). + description: >- + Overrides for individual brokers. The `overrides` + field allows to specify a different configuration + for different brokers. + selector: + additionalProperties: + type: string + type: object + description: >- + Specifies a specific persistent volume to use. It + contains key:value pairs representing labels for + selecting such a volume. + size: + type: string + description: >- + When `type=persistent-claim`, defines the size of + the persistent volume claim, such as 100Gi. + Mandatory when `type=persistent-claim`. + sizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + When type=ephemeral, defines the total amount of + local storage required for this EmptyDir volume (for + example 1Gi). + type: + type: string + enum: + - ephemeral + - persistent-claim + description: >- + Storage type, must be either 'ephemeral' or + 'persistent-claim'. + required: + - type + description: Storage configuration (disk). Cannot be updated. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The ZooKeeper broker config. Properties with the + following prefixes cannot be set: server., dataDir, + dataLogDir, clientPort, authProvider, quorum.auth, + requireClientAuthScheme, snapshot.trust.empty, + standaloneEnabled, reconfigEnabled, + 4lw.commands.whitelist, secureClientPort, ssl., + serverCnxnFactory, sslQuorum (with the exception of: + ssl.protocol, ssl.quorum.protocol, ssl.enabledProtocols, + ssl.quorum.enabledProtocols, ssl.ciphersuites, + ssl.quorum.ciphersuites, ssl.hostnameVerification, + ssl.quorum.hostnameVerification). + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. 
+ timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + description: Pod readiness checking. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. 
+ '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for pods. + jmxOptions: + type: object + properties: + authentication: + type: object + properties: + type: + type: string + enum: + - password + description: >- + Authentication type. Currently the only + supported types are `password`.`password` type + creates a username and protected port with no + TLS. + required: + - type + description: >- + Authentication configuration for connecting to the + JMX port. + description: JMX Options for Zookeeper nodes. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + metricsConfig: + type: object + properties: + type: + type: string + enum: + - jmxPrometheusExporter + description: >- + Metrics type. 
Only 'jmxPrometheusExporter' supported + currently. + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing + the configuration. + description: >- + ConfigMap entry where the Prometheus JMX Exporter + configuration is stored. + required: + - type + - valueFrom + description: Metrics configuration. + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing + the configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration for ZooKeeper. + template: + type: object + properties: + statefulset: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + podManagementPolicy: + type: string + enum: + - OrderedReady + - Parallel + description: >- + PodManagementPolicy which will be used for this + StatefulSet. Valid values are `Parallel` and + `OrderedReady`. Defaults to `Parallel`. + description: Template for ZooKeeper `StatefulSet`. 
+ podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for ZooKeeper `StrimziPodSet` resource. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same + namespace to use for pulling any of the images + used by this Pod. When the + `STRIMZI_IMAGE_PULL_SECRETS` environment + variable in Cluster Operator and the + `imagePullSecrets` option are specified, only + the `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is + ignored. 
+ securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and + common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds + after the processes running in the pod are sent + a termination signal, and the time when the + processes are forcibly halted with a kill + signal. Set this value to longer than the + expected cleanup time for your process. Value + must be a non-negative integer. A zero value + indicates delete immediately. You might need to + increase the grace period for very large Kafka + clusters, so that the Kafka brokers have enough + time to transfer their work to another broker + before they are terminated. Defaults to 30 + seconds. 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + 
type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + 
items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. 
If not specified, the default scheduler + will be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + description: Template for ZooKeeper `Pods`. + clientService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the + service. Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP + family on single-stack clusters. + `RequireDualStack` fails unless there are two IP + families on dual-stack configured clusters. If + unspecified, Kubernetes will choose the default + value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. 
If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for ZooKeeper client `Service`. + nodesService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the + service. Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP + family on single-stack clusters. + `RequireDualStack` fails unless there are two IP + families on dual-stack configured clusters. If + unspecified, Kubernetes will choose the default + value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for ZooKeeper nodes `Service`. + persistentVolumeClaim: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for all ZooKeeper `PersistentVolumeClaims`. 
+ podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: >- + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is + allowed when the `maxUnavailable` number of pods + or fewer are unavailable after the eviction. + Setting this value to 0 prevents all voluntary + evictions, so the pods must be evicted manually. + Defaults to 1. + description: Template for ZooKeeper `PodDisruptionBudget`. + zookeeperContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the ZooKeeper container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the ZooKeeper service account. + jmxSecret: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: >- + Template for Secret of the Zookeeper Cluster JMX + authentication. + description: >- + Template for ZooKeeper cluster resources. 
The template + allows users to specify how the Kubernetes resources are + generated. + required: + - replicas + - storage + description: >- + Configuration of the ZooKeeper cluster. This section is + required when running a ZooKeeper-based Apache Kafka + cluster. + entityOperator: + type: object + properties: + topicOperator: + type: object + properties: + watchedNamespace: + type: string + description: The namespace the Topic Operator should watch. + image: + type: string + description: The image to use for the Topic Operator. + reconciliationIntervalSeconds: + type: integer + minimum: 0 + description: Interval between periodic reconciliations. + zookeeperSessionTimeoutSeconds: + type: integer + minimum: 0 + description: Timeout for the ZooKeeper session. + startupProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + description: Pod startup checking. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. 
+ timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + description: Pod readiness checking. 
+ resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + topicMetadataMaxAttempts: + type: integer + minimum: 0 + description: The number of attempts at getting topic metadata. + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: >- + Logging type, must be either 'inline' or + 'external'. + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap + containing the configuration. + description: >- + `ConfigMap` entry where the logging + configuration is stored. + required: + - type + description: Logging configuration. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging + is enabled. The default is false. 
+ javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will + be passed using the `-D` option to the JVM. + description: JVM Options for pods. + description: Configuration of the Topic Operator. + userOperator: + type: object + properties: + watchedNamespace: + type: string + description: The namespace the User Operator should watch. + image: + type: string + description: The image to use for the User Operator. + reconciliationIntervalSeconds: + type: integer + minimum: 0 + description: Interval between periodic reconciliations. + zookeeperSessionTimeoutSeconds: + type: integer + minimum: 0 + description: Timeout for the ZooKeeper session. + secretPrefix: + type: string + description: >- + The prefix that will be added to the KafkaUser name + to be used as the Secret name. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + description: Pod liveness checking. 
+ readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + description: Pod readiness checking. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: >- + Logging type, must be either 'inline' or + 'external'. 
+ valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap + containing the configuration. + description: >- + `ConfigMap` entry where the logging + configuration is stored. + required: + - type + description: Logging configuration. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging + is enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will + be passed using the `-D` option to the JVM. + description: JVM Options for pods. + description: Configuration of the User Operator. + tlsSidecar: + type: object + properties: + image: + type: string + description: The docker image for the container. 
+ resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. 
+ timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + description: Pod readiness checking. + logLevel: + type: string + enum: + - emerg + - alert + - crit + - err + - warning + - notice + - info + - debug + description: >- + The log level for the TLS sidecar. Default value is + `notice`. + description: TLS sidecar configuration. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Entity Operator `Deployment`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same + namespace to use for pulling any of the images + used by this Pod. When the + `STRIMZI_IMAGE_PULL_SECRETS` environment + variable in Cluster Operator and the + `imagePullSecrets` option are specified, only + the `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is + ignored. + securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and + common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds + after the processes running in the pod are sent + a termination signal, and the time when the + processes are forcibly halted with a kill + signal. Set this value to longer than the + expected cleanup time for your process. Value + must be a non-negative integer. A zero value + indicates delete immediately. 
You might need to + increase the grace period for very large Kafka + clusters, so that the Kafka brokers have enough + time to transfer their work to another broker + before they are terminated. Defaults to 30 + seconds. + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object 
+ properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + 
additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. 
+ priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler + will be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + description: Template for Entity Operator `Pods`. + topicOperatorContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Entity Topic Operator container. + userOperatorContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Entity User Operator container. + tlsSidecarContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: >- + Template for the Entity Operator TLS sidecar + container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Entity Operator service account. + entityOperatorRole: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Entity Operator Role. 
+ topicOperatorRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Entity Topic Operator RoleBinding. + userOperatorRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Entity Topic Operator RoleBinding. + description: >- + Template for Entity Operator resources. The template + allows users to specify how a `Deployment` and `Pod` is + generated. + description: Configuration of the Entity Operator. + clusterCa: + type: object + properties: + generateCertificateAuthority: + type: boolean + description: >- + If true then Certificate Authority certificates will be + generated automatically. Otherwise the user will need to + provide a Secret with the CA certificate. Default is + true. + generateSecretOwnerReference: + type: boolean + description: >- + If `true`, the Cluster and Client CA Secrets are + configured with the `ownerReference` set to the `Kafka` + resource. If the `Kafka` resource is deleted when + `true`, the CA Secrets are also deleted. If `false`, the + `ownerReference` is disabled. If the `Kafka` resource is + deleted when `false`, the CA Secrets are retained and + available for reuse. Default is `true`. + validityDays: + type: integer + minimum: 1 + description: >- + The number of days generated certificates should be + valid for. 
The default is 365. + renewalDays: + type: integer + minimum: 1 + description: >- + The number of days in the certificate renewal period. + This is the number of days before the a certificate + expires during which renewal actions may be performed. + When `generateCertificateAuthority` is true, this will + cause the generation of a new certificate. When + `generateCertificateAuthority` is true, this will cause + extra logging at WARN level about the pending + certificate expiry. Default is 30. + certificateExpirationPolicy: + type: string + enum: + - renew-certificate + - replace-key + description: >- + How should CA certificate expiration be handled when + `generateCertificateAuthority=true`. The default is for + a new CA certificate to be generated reusing the + existing private key. + description: Configuration of the cluster certificate authority. + clientsCa: + type: object + properties: + generateCertificateAuthority: + type: boolean + description: >- + If true then Certificate Authority certificates will be + generated automatically. Otherwise the user will need to + provide a Secret with the CA certificate. Default is + true. + generateSecretOwnerReference: + type: boolean + description: >- + If `true`, the Cluster and Client CA Secrets are + configured with the `ownerReference` set to the `Kafka` + resource. If the `Kafka` resource is deleted when + `true`, the CA Secrets are also deleted. If `false`, the + `ownerReference` is disabled. If the `Kafka` resource is + deleted when `false`, the CA Secrets are retained and + available for reuse. Default is `true`. + validityDays: + type: integer + minimum: 1 + description: >- + The number of days generated certificates should be + valid for. The default is 365. + renewalDays: + type: integer + minimum: 1 + description: >- + The number of days in the certificate renewal period. + This is the number of days before the a certificate + expires during which renewal actions may be performed. 
+ When `generateCertificateAuthority` is true, this will + cause the generation of a new certificate. When + `generateCertificateAuthority` is true, this will cause + extra logging at WARN level about the pending + certificate expiry. Default is 30. + certificateExpirationPolicy: + type: string + enum: + - renew-certificate + - replace-key + description: >- + How should CA certificate expiration be handled when + `generateCertificateAuthority=true`. The default is for + a new CA certificate to be generated reusing the + existing private key. + description: Configuration of the clients certificate authority. + cruiseControl: + type: object + properties: + image: + type: string + description: >- + The container image used for Cruise Control pods. If no + image name is explicitly specified, the image name + corresponds to the name specified in the Cluster + Operator configuration. If an image name is not defined + in the Cluster Operator configuration, a default value + is used. + tlsSidecar: + type: object + properties: + image: + type: string + description: The docker image for the container. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. 
Default to 15 seconds. Minimum + value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + description: Pod liveness checking. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is + first checked. Default to 15 seconds. Minimum + value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. + Default to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + description: Pod readiness checking. + logLevel: + type: string + enum: + - emerg + - alert + - crit + - err + - warning + - notice + - info + - debug + description: >- + The log level for the TLS sidecar. 
Default value is + `notice`. + description: TLS sidecar configuration. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: >- + CPU and memory resources to reserve for the Cruise + Control container. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + description: Pod liveness checking for the Cruise Control container. 
+ readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + description: Pod readiness checking for the Cruise Control container. + jvmOptions: + type: object + properties: + '-XX': + additionalProperties: + type: string + type: object + description: A map of -XX options to the JVM. + '-Xmx': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xmx option to to the JVM.' + '-Xms': + type: string + pattern: '^[0-9]+[mMgG]?$' + description: '-Xms option to to the JVM.' + gcLoggingEnabled: + type: boolean + description: >- + Specifies whether the Garbage Collection logging is + enabled. The default is false. + javaSystemProperties: + type: array + items: + type: object + properties: + name: + type: string + description: The system property name. + value: + type: string + description: The system property value. + description: >- + A map of additional system properties which will be + passed using the `-D` option to the JVM. + description: JVM Options for the Cruise Control container. 
+ logging: + type: object + properties: + loggers: + additionalProperties: + type: string + type: object + description: A Map from logger name to logger level. + type: + type: string + enum: + - inline + - external + description: 'Logging type, must be either ''inline'' or ''external''.' + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing + the configuration. + description: >- + `ConfigMap` entry where the logging configuration is + stored. + required: + - type + description: Logging configuration (Log4j 2) for Cruise Control. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Cruise Control `Deployment`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. 
+ imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same + namespace to use for pulling any of the images + used by this Pod. When the + `STRIMZI_IMAGE_PULL_SECRETS` environment + variable in Cluster Operator and the + `imagePullSecrets` option are specified, only + the `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is + ignored. + securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and + common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds + after the processes running in the pod are sent + a termination signal, and the time when the + processes are forcibly halted with a kill + signal. Set this value to longer than the + expected cleanup time for your process. Value + must be a non-negative integer. A zero value + indicates delete immediately. 
You might need to + increase the grace period for very large Kafka + clusters, so that the Kafka brokers have enough + time to transfer their work to another broker + before they are terminated. Defaults to 30 + seconds. + affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object 
+ properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + 
additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. 
+ priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. If not specified, the default scheduler + will be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + description: Template for Cruise Control `Pods`. + apiService: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: >- + Specifies the IP Family Policy used by the + service. Available options are `SingleStack`, + `PreferDualStack` and `RequireDualStack`. + `SingleStack` is for a single IP family. + `PreferDualStack` is for two IP families on + dual-stack configured clusters or a single IP + family on single-stack clusters. + `RequireDualStack` fails unless there are two IP + families on dual-stack configured clusters. 
If + unspecified, Kubernetes will choose the default + value based on the service type. + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: >- + Specifies the IP Families used by the service. + Available options are `IPv4` and `IPv6`. If + unspecified, Kubernetes will choose the default + value based on the `ipFamilyPolicy` setting. + description: Template for Cruise Control API `Service`. + podDisruptionBudget: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: >- + Metadata to apply to the + `PodDisruptionBudgetTemplate` resource. + maxUnavailable: + type: integer + minimum: 0 + description: >- + Maximum number of unavailable pods to allow + automatic Pod eviction. A Pod eviction is + allowed when the `maxUnavailable` number of pods + or fewer are unavailable after the eviction. + Setting this value to 0 prevents all voluntary + evictions, so the pods must be evicted manually. + Defaults to 1. + description: Template for Cruise Control `PodDisruptionBudget`. + cruiseControlContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Cruise Control container. + tlsSidecarContainer: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: >- + Template for the Cruise Control TLS sidecar + container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Cruise Control service account. + description: >- + Template to specify how Cruise Control resources, + `Deployments` and `Pods`, are generated. + brokerCapacity: + type: object + properties: + disk: + type: string + pattern: '^[0-9]+([.][0-9]*)?([KMGTPE]i?|e[0-9]+)?$' + description: >- + Broker capacity for disk in bytes. Use a number + value with either standard Kubernetes byte units (K, + M, G, or T), their bibyte (power of two) equivalents + (Ki, Mi, Gi, or Ti), or a byte value with or without + E notation. For example, 100000M, 100000Mi, + 104857600000, or 1e+11. 
+ cpuUtilization: + type: integer + minimum: 0 + maximum: 100 + description: >- + Broker capacity for CPU resource utilization as a + percentage (0 - 100). + cpu: + type: string + pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' + description: >- + Broker capacity for CPU resource in cores or + millicores. For example, 1, 1.500, 1500m. For more + information on valid CPU resource units see + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. + inboundNetwork: + type: string + pattern: '^[0-9]+([KMG]i?)?B/s$' + description: >- + Broker capacity for inbound network throughput in + bytes per second. Use an integer value with standard + Kubernetes byte units (K, M, G) or their bibyte + (power of two) equivalents (Ki, Mi, Gi) per second. + For example, 10000KiB/s. + outboundNetwork: + type: string + pattern: '^[0-9]+([KMG]i?)?B/s$' + description: >- + Broker capacity for outbound network throughput in + bytes per second. Use an integer value with standard + Kubernetes byte units (K, M, G) or their bibyte + (power of two) equivalents (Ki, Mi, Gi) per second. + For example, 10000KiB/s. + overrides: + type: array + items: + type: object + properties: + brokers: + type: array + items: + type: integer + description: List of Kafka brokers (broker identifiers). + cpu: + type: string + pattern: '^[0-9]+([.][0-9]{0,3}|[m]?)$' + description: >- + Broker capacity for CPU resource in cores or + millicores. For example, 1, 1.500, 1500m. For + more information on valid CPU resource units + see + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. + inboundNetwork: + type: string + pattern: '^[0-9]+([KMG]i?)?B/s$' + description: >- + Broker capacity for inbound network throughput + in bytes per second. Use an integer value with + standard Kubernetes byte units (K, M, G) or + their bibyte (power of two) equivalents (Ki, + Mi, Gi) per second. For example, 10000KiB/s. 
+ outboundNetwork: + type: string + pattern: '^[0-9]+([KMG]i?)?B/s$' + description: >- + Broker capacity for outbound network + throughput in bytes per second. Use an integer + value with standard Kubernetes byte units (K, + M, G) or their bibyte (power of two) + equivalents (Ki, Mi, Gi) per second. For + example, 10000KiB/s. + required: + - brokers + description: >- + Overrides for individual brokers. The `overrides` + property lets you specify a different capacity + configuration for different brokers. + description: The Cruise Control `brokerCapacity` configuration. + config: + x-kubernetes-preserve-unknown-fields: true + type: object + description: >- + The Cruise Control configuration. For a full list of + configuration options refer to + https://github.com/linkedin/cruise-control/wiki/Configurations. + Note that properties with the following prefixes cannot + be set: bootstrap.servers, client.id, zookeeper., + network., security., + failed.brokers.zk.path,webserver.http., + webserver.api.urlprefix, webserver.session.path, + webserver.accesslog., two.step., + request.reason.required,metric.reporter.sampler.bootstrap.servers, + capacity.config.file, self.healing., ssl., + kafka.broker.failure.detection.enable, + topic.config.provider.class (with the exception of: + ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, + webserver.http.cors.enabled, webserver.http.cors.origin, + webserver.http.cors.exposeheaders, + webserver.security.enable, webserver.ssl.enable). + metricsConfig: + type: object + properties: + type: + type: string + enum: + - jmxPrometheusExporter + description: >- + Metrics type. Only 'jmxPrometheusExporter' supported + currently. + valueFrom: + type: object + properties: + configMapKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: >- + Reference to the key in the ConfigMap containing + the configuration. 
+ description: >- + ConfigMap entry where the Prometheus JMX Exporter + configuration is stored. + required: + - type + - valueFrom + description: Metrics configuration. + description: >- + Configuration for Cruise Control deployment. Deploys a + Cruise Control instance when specified. + jmxTrans: + type: object + properties: + image: + type: string + description: The image to use for the JmxTrans. + outputDefinitions: + type: array + items: + type: object + properties: + outputType: + type: string + description: >- + Template for setting the format of the data that + will be pushed.For more information see + https://github.com/jmxtrans/jmxtrans/wiki/OutputWriters[JmxTrans + OutputWriters]. + host: + type: string + description: >- + The DNS/hostname of the remote host that the data + is pushed to. + port: + type: integer + description: >- + The port of the remote host that the data is + pushed to. + flushDelayInSeconds: + type: integer + description: >- + How many seconds the JmxTrans waits before pushing + a new set of data out. + typeNames: + type: array + items: + type: string + description: >- + Template for filtering data to be included in + response to a wildcard query. For more information + see + https://github.com/jmxtrans/jmxtrans/wiki/Queries[JmxTrans + queries]. + name: + type: string + description: >- + Template for setting the name of the output + definition. This is used to identify where to send + the results of queries should be sent. + required: + - outputType + - name + description: >- + Defines the output hosts that will be referenced later + on. For more information on these properties see, + xref:type-JmxTransOutputDefinitionTemplate-reference[`JmxTransOutputDefinitionTemplate` + schema reference]. + logLevel: + type: string + description: >- + Sets the logging level of the JmxTrans deployment.For + more information see, + https://github.com/jmxtrans/jmxtrans-agent/wiki/Troubleshooting[JmxTrans + Logging Level]. 
+ kafkaQueries: + type: array + items: + type: object + properties: + targetMBean: + type: string + description: >- + If using wildcards instead of a specific MBean + then the data is gathered from multiple MBeans. + Otherwise if specifying an MBean then data is + gathered from that specified MBean. + attributes: + type: array + items: + type: string + description: >- + Determine which attributes of the targeted MBean + should be included. + outputs: + type: array + items: + type: string + description: >- + List of the names of output definitions specified + in the spec.kafka.jmxTrans.outputDefinitions that + have defined where JMX metrics are pushed to, and + in which data format. + required: + - targetMBean + - attributes + - outputs + description: >- + Queries to send to the Kafka brokers to define what data + should be read from each broker. For more information on + these properties see, + xref:type-JmxTransQueryTemplate-reference[`JmxTransQueryTemplate` + schema reference]. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for JmxTrans `Deployment`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same + namespace to use for pulling any of the images + used by this Pod. When the + `STRIMZI_IMAGE_PULL_SECRETS` environment + variable in Cluster Operator and the + `imagePullSecrets` option are specified, only + the `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is + ignored. 
+ securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and + common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds + after the processes running in the pod are sent + a termination signal, and the time when the + processes are forcibly halted with a kill + signal. Set this value to longer than the + expected cleanup time for your process. Value + must be a non-negative integer. A zero value + indicates delete immediately. You might need to + increase the grace period for very large Kafka + clusters, so that the Kafka brokers have enough + time to transfer their work to another broker + before they are terminated. Defaults to 30 + seconds. 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + 
type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + 
items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. 
If not specified, the default scheduler + will be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + description: Template for JmxTrans `Pods`. + container: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for JmxTrans container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the JmxTrans service account. + description: Template for JmxTrans resources. + required: + - outputDefinitions + - kafkaQueries + description: >- + As of Strimzi 0.35.0, JMXTrans is not supported anymore and + this option is ignored. + kafkaExporter: + type: object + properties: + image: + type: string + description: >- + The container image used for the Kafka Exporter pods. If + no image name is explicitly specified, the image name + corresponds to the version specified in the Cluster + Operator configuration. If an image name is not defined + in the Cluster Operator configuration, a default value + is used. 
+ groupRegex: + type: string + description: >- + Regular expression to specify which consumer groups to + collect. Default value is `.*`. + topicRegex: + type: string + description: >- + Regular expression to specify which topics to collect. + Default value is `.*`. + groupExcludeRegex: + type: string + description: >- + Regular expression to specify which consumer groups to + exclude. + topicExcludeRegex: + type: string + description: Regular expression to specify which topics to exclude. + resources: + type: object + properties: + claims: + type: array + items: + type: object + properties: + name: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: >- + ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + description: CPU and memory resources to reserve. + logging: + type: string + description: >- + Only log messages with the given severity or above. + Valid levels: [`info`, `debug`, `trace`]. Default log + level is `info`. + livenessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. 
+ successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + description: Pod liveness check. + readinessProbe: + type: object + properties: + initialDelaySeconds: + type: integer + minimum: 0 + description: >- + The initial delay before first the health is first + checked. Default to 15 seconds. Minimum value is 0. + timeoutSeconds: + type: integer + minimum: 1 + description: >- + The timeout for each attempted health check. Default + to 5 seconds. Minimum value is 1. + periodSeconds: + type: integer + minimum: 1 + description: >- + How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + successThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + failureThreshold: + type: integer + minimum: 1 + description: >- + Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + description: Pod readiness check. + enableSaramaLogging: + type: boolean + description: >- + Enable Sarama logging, a Go client library used by the + Kafka Exporter. + showAllOffsets: + type: boolean + description: >- + Whether show the offset/lag for all consumer group, + otherwise, only show connected consumer groups. + template: + type: object + properties: + deployment: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. 
+ annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: >- + Pod replacement strategy for deployment + configuration changes. Valid values are + `RollingUpdate` and `Recreate`. Defaults to + `RollingUpdate`. + description: Template for Kafka Exporter `Deployment`. + pod: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + description: >- + List of references to secrets in the same + namespace to use for pulling any of the images + used by this Pod. When the + `STRIMZI_IMAGE_PULL_SECRETS` environment + variable in Cluster Operator and the + `imagePullSecrets` option are specified, only + the `imagePullSecrets` variable is used and the + `STRIMZI_IMAGE_PULL_SECRETS` variable is + ignored. 
+ securityContext: + type: object + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + supplementalGroups: + type: array + items: + type: integer + sysctls: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: >- + Configures pod-level security attributes and + common container settings. + terminationGracePeriodSeconds: + type: integer + minimum: 0 + description: >- + The grace period is the duration in seconds + after the processes running in the pod are sent + a termination signal, and the time when the + processes are forcibly halted with a kill + signal. Set this value to longer than the + expected cleanup time for your process. Value + must be a non-negative integer. A zero value + indicates delete immediately. You might need to + increase the grace period for very large Kafka + clusters, so that the Kafka brokers have enough + time to transfer their work to another broker + before they are terminated. Defaults to 30 + seconds. 
+ affinity: + type: object + properties: + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + podAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + 
type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + properties: + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + weight: + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: array + 
items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + mismatchLabelKeys: + type: array + items: + type: string + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + namespaces: + type: array + items: + type: string + topologyKey: + type: string + description: The pod's affinity rules. + tolerations: + type: array + items: + type: object + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + description: The pod's tolerations. + topologySpreadConstraints: + type: array + items: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchLabels: + additionalProperties: + type: string + type: object + matchLabelKeys: + type: array + items: + type: string + maxSkew: + type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + description: The pod's topology spread constraints. + priorityClassName: + type: string + description: >- + The name of the priority class used to assign + priority to the pods. + schedulerName: + type: string + description: >- + The name of the scheduler used to dispatch this + `Pod`. 
If not specified, the default scheduler + will be used. + hostAliases: + type: array + items: + type: object + properties: + hostnames: + type: array + items: + type: string + ip: + type: string + description: >- + The pod's HostAliases. HostAliases is an + optional list of hosts and IPs that will be + injected into the Pod's hosts file if specified. + enableServiceLinks: + type: boolean + description: >- + Indicates whether information about services + should be injected into Pod's environment + variables. + tmpDirSizeLimit: + type: string + pattern: '^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$' + description: >- + Defines the total amount (for example `1Gi`) of + local storage required for temporary EmptyDir + volume (`/tmp`). Default value is `5Mi`. + description: Template for Kafka Exporter `Pods`. + service: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for Kafka Exporter `Service`. + container: + type: object + properties: + env: + type: array + items: + type: object + properties: + name: + type: string + description: The environment variable key. + value: + type: string + description: The environment variable value. + description: >- + Environment variables which should be applied to + the container. 
+ securityContext: + type: object + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + type: object + properties: + add: + type: array + items: + type: string + drop: + type: array + items: + type: string + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + type: object + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + seccompProfile: + type: object + properties: + localhostProfile: + type: string + type: + type: string + windowsOptions: + type: object + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + description: Security context for the container. + description: Template for the Kafka Exporter container. + serviceAccount: + type: object + properties: + metadata: + type: object + properties: + labels: + additionalProperties: + type: string + type: object + description: Labels added to the Kubernetes resource. + annotations: + additionalProperties: + type: string + type: object + description: >- + Annotations added to the Kubernetes + resource. + description: Metadata applied to the resource. + description: Template for the Kafka Exporter service account. + description: Customization of deployment templates and pods. + description: >- + Configuration of the Kafka Exporter. Kafka Exporter can + provide additional metrics, for example lag of consumer + group at topic/partition. + maintenanceTimeWindows: + type: array + items: + type: string + description: >- + A list of time windows for maintenance tasks (that is, + certificates renewal). Each time window is defined by a cron + expression. + required: + - kafka + description: >- + The specification of the Kafka and ZooKeeper clusters, and Topic + Operator. 
+ status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + description: >- + The unique identifier of a condition, used to + distinguish between other conditions in the resource. + status: + type: string + description: >- + The status of the condition, either True, False or + Unknown. + lastTransitionTime: + type: string + description: >- + Last time the condition of a type changed from one + status to another. The required format is + 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + reason: + type: string + description: >- + The reason for the condition's last transition (a + single word in CamelCase). + message: + type: string + description: >- + Human-readable message indicating details about the + condition's last transition. + description: List of status conditions. + observedGeneration: + type: integer + description: >- + The generation of the CRD that was last reconciled by the + operator. + listeners: + type: array + items: + type: object + properties: + type: + type: string + description: The name of the listener. + name: + type: string + description: The name of the listener. + addresses: + type: array + items: + type: object + properties: + host: + type: string + description: >- + The DNS name or IP address of the Kafka + bootstrap service. + port: + type: integer + description: The port of the Kafka bootstrap service. + description: A list of the addresses for this listener. + bootstrapServers: + type: string + description: >- + A comma-separated list of `host:port` pairs for + connecting to the Kafka cluster using this listener. + certificates: + type: array + items: + type: string + description: >- + A list of TLS certificates which can be used to verify + the identity of the server when connecting to the + given listener. Set only for `tls` and `external` + listeners. + description: Addresses of the internal and external listeners. 
+ kafkaNodePools: + type: array + items: + type: object + properties: + name: + type: string + description: >- + The name of the KafkaNodePool used by this Kafka + resource. + description: List of the KafkaNodePools used by this Kafka cluster. + clusterId: + type: string + description: Kafka cluster Id. + operatorLastSuccessfulVersion: + type: string + description: >- + The version of the Strimzi Cluster Operator which performed + the last successful reconciliation. + kafkaVersion: + type: string + description: The version of Kafka currently deployed in the cluster. + kafkaMetadataVersion: + type: string + description: >- + The KRaft metadata.version currently used by the Kafka + cluster. + kafkaMetadataState: + type: string + enum: + - ZooKeeper + - KRaftMigration + - KRaftDualWriting + - KRaftPostMigration + - PreKRaft + - KRaft + description: >- + Defines where cluster metadata are stored. Possible values + are: ZooKeeper if the metadata are stored in ZooKeeper; + KRaftMigration if the controllers are connected to + ZooKeeper, brokers are being rolled with Zookeeper migration + enabled and connection information to controllers, and the + metadata migration process is running; KRaftDualWriting if + the metadata migration process finished and the cluster is + in dual-write mode; KRaftPostMigration if the brokers are + fully KRaft-based but controllers being rolled to disconnect + from ZooKeeper; PreKRaft if brokers and controller are fully + KRaft-based, metadata are stored in KRaft, but ZooKeeper + must be deleted; KRaft if the metadata are stored in KRaft. + description: >- + The status of the Kafka and ZooKeeper clusters, and Topic + Operator. 
+ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-cluster-operator-namespaced + labels: + app: strimzi +rules: + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - '' + resources: + - pods + - serviceaccounts + - configmaps + - services + - endpoints + - secrets + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - apps + resources: + - deployments/scale + verbs: + - get + - patch + - update + - apiGroups: + - events.k8s.io + resources: + - events + verbs: + - create + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + - buildconfigs/instantiate + - builds + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + - ingresses + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - image.openshift.io + resources: + - imagestreams + verbs: + - get + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: strimzi-cluster-operator-watched + labels: + app: strimzi + namespace: xxxxxx +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + 
namespace: xxxxxx +roleRef: + kind: ClusterRole + name: strimzi-cluster-operator-watched + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-entity-operator + labels: + app: strimzi +rules: + - apiGroups: + - kafka.strimzi.io + resources: + - kafkatopics + verbs: + - get + - list + - watch + - create + - patch + - update + - delete + - apiGroups: + - kafka.strimzi.io + resources: + - kafkausers + verbs: + - get + - list + - watch + - create + - patch + - update + - apiGroups: + - kafka.strimzi.io + resources: + - kafkatopics/status + - kafkausers/status + verbs: + - get + - patch + - update + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: strimzi-cluster-operator-kafka-broker-delegation + labels: + app: strimzi +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: xxxxxx +roleRef: + kind: ClusterRole + name: strimzi-kafka-broker + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-cluster-operator-leader-election + labels: + app: strimzi +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - strimzi-cluster-operator + verbs: + - get + - list + - watch + - delete + - patch + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: strimzi-cluster-operator-leader-election + labels: + app: strimzi + namespace: xxxxxx +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: xxxxxx +roleRef: + kind: ClusterRole + name: strimzi-cluster-operator-leader-election + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: strimzi-cluster-operator-entity-operator-delegation + labels: + app: strimzi + namespace: xxxxxx +subjects: + - kind: ServiceAccount + name: strimzi-cluster-operator + namespace: xxxxxx +roleRef: + kind: ClusterRole + name: strimzi-entity-operator + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-kafka-client + labels: + app: strimzi +rules: + - apiGroups: + - '' + resources: + - nodes + verbs: + - get diff --git a/test/resource/overlord/test-chain-overlord-node0/cm-account.yaml b/test/resource/overlord/test-chain-overlord-node0/cm-account.yaml index ddd7a3e..428b31c 100644 --- a/test/resource/overlord/test-chain-overlord-node0/cm-account.yaml +++ b/test/resource/overlord/test-chain-overlord-node0/cm-account.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: NmU5NzFkYjlmYzAwNmRmMjBlMmUxZDdlNjk3MDE2ZTUyYzNmZTRhNTg1YzUyZGIxYzFmYjY5Yjg4MmYxYjNhYQ== + private_key: NWNlNDkwYzIxN2IzN2EyZTAzMDFjMGE2YTU2MThmZWY2Mjg5NDkyY2MwZDhiZmZjZGY1NjJlNDhkYjQ1MjEyMg== data: - node_address: 3bf92e015d4436e9786c58d9109fd5e220b4deeb - validator_address: 91177beffce0c05a64fdbf40547c9bf2899c8cb5859ed7b9a6e20ac74e7579fdbd70a0f63e9b531392e5c8a0938d91b2 + node_address: 0f342dfdd660fd313cb4baeed54a3e461f001c1e + validator_address: 95f4713a71709d77bfcdfe824bfd0b0a02d80f32480c55c005a56eab052f1caf4ff2afe1f0d28210f567fe51185dc343 metadata: labels: app.kubernetes.io/chain-name: test-chain-overlord diff --git a/test/resource/overlord/test-chain-overlord-node0/cm-config.yaml b/test/resource/overlord/test-chain-overlord-node0/cm-config.yaml index 0529688..cbb0dd3 100644 --- a/test/resource/overlord/test-chain-overlord-node0/cm-config.yaml +++ b/test/resource/overlord/test-chain-overlord-node0/cm-config.yaml 
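Review bot: The rotated `private_key` in test/resource/overlord/test-chain-overlord-node0/cm-account.yaml still sits in `binaryData` of a `kind: ConfigMap`, which Kubernetes does not treat as confidential, and base64 is an encoding, not protection, so the key is recoverable by anyone who can read the repository or the ConfigMap. If these fixtures are only ever applied to throwaway test clusters, state that at the top of the file, for example `# Test-only key material; never reuse this key or its addresses outside CI.` Otherwise the key belongs in a `kind: Secret`, which would also require changing how the node workload mounts it, and that manifest is outside this hunk. The same applies to the cm-account.yaml hunks for node1, node2, node3 and raft node0, and to the `priv_key` PEM blocks rotated in the matching cm-config.yaml files.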
@@ -5,27 +5,27 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdTCCARqgAwIBAgIUVvLZ6RqSgFcFc7iP8IeuJRTbi5EwCgYIKoZIzj0EAwIw + MIIBdDCCARqgAwIBAgIUe/Li6ogJuBqbYfIBoIRixxRVx+cwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ndjr/OcAE0uyIZpgnzMzwu6 - TdVBFSK0IdZHlie3q4pSpEG1eQJVzgcOGemPsiTdvAqrk8pf5Fl2OYoFRC1eNqMy - MDAwHQYDVR0OBBYEFNby2ekakoBXBXO4j/CHriUU24uRMA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSQAwRgIhALrPyzxBp/G+x6ErrUG3OkSx/NYA4l0JgTWh - 5X5Cc07yAiEAjIQZp1Y8E166rCHE2zfyHLPDZ0OLdQrFhRR+k1stqGc= + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvTA++E8lK6KJKUIMMUQM5tfH + BiyyA+B85dYkfiEFARPcFaqTYl1UCe581C6GWUi36/ZLmgozYKbL/Pre63AkI6My + MDAwHQYDVR0OBBYEFPvy4uqICbgam2HyAaCEYscUVcfnMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSAAwRQIhANb1AaJm6x7ii70cnrdNCbgI2roN+/PqGqKv + 01C8GiXaAiAbU7sVNkrPZqxYmWjBrShFfhdMr3LbzGwXMd5l3Whc0w== -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBgTCCASegAwIBAgIUcFQtAx2h4FRoAR3XmoMRes4UMvYwCgYIKoZIzj0EAwIw + MIIBgTCCASegAwIBAgIUZZvRdGOqFIAm2V8xeV39IaD43CwwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDYxEDAOBgNVBAoMB0NJVEFIdWIxIjAgBgNVBAMT GXRlc3QtY2hhaW4tb3ZlcmxvcmQtbm9kZTAwWTATBgcqhkjOPQIBBggqhkjOPQMB - BwNCAATzWTuQYqNnqZrN+QdZ0dIMmZzZOwT8qlSJPz/f9emFDaA/WXBwpM2XlzFy - 8VFphrVjl8MgKLW7nGP/b8vUotw+oygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu - LW92ZXJsb3JkLW5vZGUwMAoGCCqGSM49BAMCA0gAMEUCIQDN+MVAeaDxo0+O5YXO - sosSK2PqAG/H8gfM7yJjAt5/9QIgWFqOW5RpJa85oLUYXX3xsXQ9csg0dK7hZrD4 - WuWmw3s= + BwNCAAREryPNR+muJY8b/3k/y+//EsoymQawET/Sjn1iflZ+WNwecs2FWvyLE5CB + eqcQiQopEmvtHgaUQOVzBdHiUjstoygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu + LW92ZXJsb3JkLW5vZGUwMAoGCCqGSM49BAMCA0gAMEUCIQCVheSc+YQcdwOH9LZD + y/LXNZMv0xYxwjaaUx+oosjw1wIgZ7405kEg+9OZH2xMwO3KT9Kt4MMyHXKQRX7f + i5NRSOI= -----END CERTIFICATE----- """ chain_id = 
"f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" @@ -37,9 +37,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglzSUVRYafDsE9mXk - jLzwbnL8Ssu+wziQ3l9cSlMXEKqhRANCAATzWTuQYqNnqZrN+QdZ0dIMmZzZOwT8 - qlSJPz/f9emFDaA/WXBwpM2XlzFy8VFphrVjl8MgKLW7nGP/b8vUotw+ + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYDenP3jxyzB6z8HB + yHkb7cL2oWTuCgo0Ssxrl9Oc3nWhRANCAAREryPNR+muJY8b/3k/y+//EsoymQaw + ET/Sjn1iflZ+WNwecs2FWvyLE5CBeqcQiQopEmvtHgaUQOVzBdHiUjst -----END PRIVATE KEY----- """ protocol = "quic" @@ -111,13 +111,17 @@ data: storage_port = 50003 [storage_opendal.cloud_storage] - access_key_id = "admin" - bucket = "cita-cloud" - endpoint = "http://minio:9000" - region = "cn-east-1" - root = "overlord" - secret_access_key = "testtest" - service_type = "s3" + access_key_id = "" + bucket = "" + endpoint = "" + region = "" + root = "" + secret_access_key = "" + service_type = "" + + [storage_opendal.exporter] + base_path = "http://my-bridge-bridge-service:8080" + chain_name = "test-chain-overlord" [storage_opendal.log_config] filter = "info" @@ -126,7 +130,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332160572 + timestamp = 1718694928407 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" 
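Review bot: The added `[storage_opendal.exporter]` table sets `base_path = "http://my-bridge-bridge-service:8080"`, so exported chain data would reach the bridge (presumably the Strimzi Kafka bridge) in cleartext and, as far as this hunk shows, without any credential. That is acceptable only if the service is reachable solely from inside the test namespace, which is worth stating in a comment such as `# exporter -> in-cluster bridge, test only (no TLS/auth)`. The `[storage_opendal.cloud_storage]` keys are now empty strings rather than removed, and nothing visible says whether empty values disable the S3 backend or leave it half-configured, so a one-line comment there would help too. The same hunk recurs in the node1, node2 and node3 cm-config.yaml files; the raft node0 variant sets `base_path = ""` instead and still carries `secret_access_key = "testtest"` as context.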
@@ -135,10 +139,10 @@ data: chain_id = "f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" quota_limit = 1073741824 validators = [ - "91177beffce0c05a64fdbf40547c9bf2899c8cb5859ed7b9a6e20ac74e7579fdbd70a0f63e9b531392e5c8a0938d91b2", - "88999aa958d5c17998bafc0ce469a0375b1dd9d4e79f4dbf4630e54d9d6a01d67914d1a9be7e80cf862a9a95d47d01b0", - "95f246284995bc34f017672600a346c2f547306e3cb3e5563ca75549d31bea85e1a9faa5e77af9090d63fb1b57c70533", - "a1654c4c63b52c8264160aed0b28dafcf0ae8bfccff09552b36e17de2412a91d4fda4b49073cfeee4e763661d1ddfff9", + "95f4713a71709d77bfcdfe824bfd0b0a02d80f32480c55c005a56eab052f1caf4ff2afe1f0d28210f567fe51185dc343", + "902807e5e4558433c530c763529661255f89766a764f9586fc4f0a85a81045feadf426aff4af43ebfeb8dea50fd90b52", + "8e88e0465ee5f852acc718ffb064a916c93cfe8d838025383329087754253cbef6a755c797ae334f8425dc2f00ca2006", + "9656ab66de72f8e00031be1fd3504dc6ad7c7511660693bff3df68ec77e6f1ca5d23b1c5f9c23b296b4ce191b4f8a75a", ] version = 0 diff --git a/test/resource/overlord/test-chain-overlord-node1/cm-account.yaml b/test/resource/overlord/test-chain-overlord-node1/cm-account.yaml index e3f114a..39756f0 100644 --- a/test/resource/overlord/test-chain-overlord-node1/cm-account.yaml +++ b/test/resource/overlord/test-chain-overlord-node1/cm-account.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: NmY2ZGZkYzFmNjkzMmFlNDliNzY0NzExMGNmOTE5ODVmMWM1MGFhMzAxNzU4NjJlMzhmNTc3MzA3YmNmZjI0NQ== + private_key: MGY3ZjAxMmJlYjMzMDI4NDgxMDAwNjU2MmMwZWIxMzg0MDgzYWU5ZTg0YTU5ODFkN2QyMzBlZjc1MzQ5YzYyMA== data: - node_address: 7af1111b1e306bbdc93dc2decc6a538e94a10bc2 - validator_address: 88999aa958d5c17998bafc0ce469a0375b1dd9d4e79f4dbf4630e54d9d6a01d67914d1a9be7e80cf862a9a95d47d01b0 + node_address: c25fb9e1ddbc5bdd6649dea32a40ac239a2dd823 + validator_address: 902807e5e4558433c530c763529661255f89766a764f9586fc4f0a85a81045feadf426aff4af43ebfeb8dea50fd90b52 metadata: labels: app.kubernetes.io/chain-name: test-chain-overlord 
diff --git a/test/resource/overlord/test-chain-overlord-node1/cm-config.yaml b/test/resource/overlord/test-chain-overlord-node1/cm-config.yaml
index 3c06133..4133639 100644
--- a/test/resource/overlord/test-chain-overlord-node1/cm-config.yaml
+++ b/test/resource/overlord/test-chain-overlord-node1/cm-config.yaml
@@ -5,27 +5,27 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdTCCARqgAwIBAgIUVvLZ6RqSgFcFc7iP8IeuJRTbi5EwCgYIKoZIzj0EAwIw + MIIBdDCCARqgAwIBAgIUe/Li6ogJuBqbYfIBoIRixxRVx+cwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ndjr/OcAE0uyIZpgnzMzwu6 - TdVBFSK0IdZHlie3q4pSpEG1eQJVzgcOGemPsiTdvAqrk8pf5Fl2OYoFRC1eNqMy - MDAwHQYDVR0OBBYEFNby2ekakoBXBXO4j/CHriUU24uRMA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSQAwRgIhALrPyzxBp/G+x6ErrUG3OkSx/NYA4l0JgTWh - 5X5Cc07yAiEAjIQZp1Y8E166rCHE2zfyHLPDZ0OLdQrFhRR+k1stqGc= + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvTA++E8lK6KJKUIMMUQM5tfH + BiyyA+B85dYkfiEFARPcFaqTYl1UCe581C6GWUi36/ZLmgozYKbL/Pre63AkI6My + MDAwHQYDVR0OBBYEFPvy4uqICbgam2HyAaCEYscUVcfnMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSAAwRQIhANb1AaJm6x7ii70cnrdNCbgI2roN+/PqGqKv + 01C8GiXaAiAbU7sVNkrPZqxYmWjBrShFfhdMr3LbzGwXMd5l3Whc0w== -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBgDCCASegAwIBAgIUOuLK5OmqpxfSJv7pW/s58hZa2DUwCgYIKoZIzj0EAwIw + MIIBgTCCASegAwIBAgIUG/Qy8MLqZiwmCPiayEOC6+GGlqEwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDYxEDAOBgNVBAoMB0NJVEFIdWIxIjAgBgNVBAMT GXRlc3QtY2hhaW4tb3ZlcmxvcmQtbm9kZTEwWTATBgcqhkjOPQIBBggqhkjOPQMB - BwNCAATpPmuinrTy4yhAOO4HecQx2+GEEKU24u56uTBec93SV7LSmLpqZD2MJrb6 - MSzLFej0J/5OXzSaV68E11X9ldX/oygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu - LW92ZXJsb3JkLW5vZGUxMAoGCCqGSM49BAMCA0cAMEQCID+ny0epFWTF/K+Eo4/A - s5t5LnGodKag/WzMC7WGHV44AiAaWXd+KnMWzyrN+/Yjr3pjiyHxsleeFyK1rtzl - 7n60NA== + BwNCAARjKpv/fo+8u79VxYo2oGjANDhQ60sHBeZta+eGjEhMCPswLPuOVaX8Rh1c + rJP4AaIEJOu8yz+ckBdR6f0D5TnuoygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu + LW92ZXJsb3JkLW5vZGUxMAoGCCqGSM49BAMCA0gAMEUCIQDMmi8liCB2Gt+35GRN + 7nfD1MQ0+QFeXCu0DU9E6/RK7AIgBxIi3wEBROPMGZWa7qnHNO/iolPeiJYAESG8 + pZfS/a0= -----END CERTIFICATE----- """ chain_id = 
"f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" @@ -37,9 +37,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgF/inkve/ShSfMFqw - PXqKoA6wejypqBtMIvG6yGXzcAOhRANCAATpPmuinrTy4yhAOO4HecQx2+GEEKU2 - 4u56uTBec93SV7LSmLpqZD2MJrb6MSzLFej0J/5OXzSaV68E11X9ldX/ + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPnrLytQiUqfh9l0h + t0cA7VM1ejtNU7o88xRl8wFwOxuhRANCAARjKpv/fo+8u79VxYo2oGjANDhQ60sH + BeZta+eGjEhMCPswLPuOVaX8Rh1crJP4AaIEJOu8yz+ckBdR6f0D5Tnu -----END PRIVATE KEY----- """ protocol = "quic" @@ -111,13 +111,17 @@ data: storage_port = 50003 [storage_opendal.cloud_storage] - access_key_id = "admin" - bucket = "cita-cloud" - endpoint = "http://minio:9000" - region = "cn-east-1" - root = "overlord" - secret_access_key = "testtest" - service_type = "s3" + access_key_id = "" + bucket = "" + endpoint = "" + region = "" + root = "" + secret_access_key = "" + service_type = "" + + [storage_opendal.exporter] + base_path = "http://my-bridge-bridge-service:8080" + chain_name = "test-chain-overlord" [storage_opendal.log_config] filter = "info" @@ -126,7 +130,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332160572 + timestamp = 1718694928407 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" 
@@ -135,10 +139,10 @@ data: chain_id = "f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" quota_limit = 1073741824 validators = [ - "91177beffce0c05a64fdbf40547c9bf2899c8cb5859ed7b9a6e20ac74e7579fdbd70a0f63e9b531392e5c8a0938d91b2", - "88999aa958d5c17998bafc0ce469a0375b1dd9d4e79f4dbf4630e54d9d6a01d67914d1a9be7e80cf862a9a95d47d01b0", - "95f246284995bc34f017672600a346c2f547306e3cb3e5563ca75549d31bea85e1a9faa5e77af9090d63fb1b57c70533", - "a1654c4c63b52c8264160aed0b28dafcf0ae8bfccff09552b36e17de2412a91d4fda4b49073cfeee4e763661d1ddfff9", + "95f4713a71709d77bfcdfe824bfd0b0a02d80f32480c55c005a56eab052f1caf4ff2afe1f0d28210f567fe51185dc343", + "902807e5e4558433c530c763529661255f89766a764f9586fc4f0a85a81045feadf426aff4af43ebfeb8dea50fd90b52", + "8e88e0465ee5f852acc718ffb064a916c93cfe8d838025383329087754253cbef6a755c797ae334f8425dc2f00ca2006", + "9656ab66de72f8e00031be1fd3504dc6ad7c7511660693bff3df68ec77e6f1ca5d23b1c5f9c23b296b4ce191b4f8a75a", ] version = 0 diff --git a/test/resource/overlord/test-chain-overlord-node2/cm-account.yaml b/test/resource/overlord/test-chain-overlord-node2/cm-account.yaml index eab2aae..e4cd7bf 100644 --- a/test/resource/overlord/test-chain-overlord-node2/cm-account.yaml +++ b/test/resource/overlord/test-chain-overlord-node2/cm-account.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: NDE0NGYxMTkyZjdlNWNlY2I4MmM3MGMwYzAyZGNkNDYwOTIyNTQ0ZGJjMDdmNmUyMmExM2NiZTMwZGJmYzNmZQ== + private_key: Mjc0YTVhYTIxMjUyMjVkNjk5Y2JlNDNmMTM0NGRhNjhhZmQ4MWQ2MWZlYjAwMGMyZDM4OTBmOTkyZDNjNTdkYg== data: - node_address: 0ec941438723a7e4c770ba2ab786c1dbd5a403dc - validator_address: 95f246284995bc34f017672600a346c2f547306e3cb3e5563ca75549d31bea85e1a9faa5e77af9090d63fb1b57c70533 + node_address: d05c5a3d31edf842a191ec173a4b70b0fbd89d03 + validator_address: 8e88e0465ee5f852acc718ffb064a916c93cfe8d838025383329087754253cbef6a755c797ae334f8425dc2f00ca2006 metadata: labels: app.kubernetes.io/chain-name: test-chain-overlord 
diff --git a/test/resource/overlord/test-chain-overlord-node2/cm-config.yaml b/test/resource/overlord/test-chain-overlord-node2/cm-config.yaml
index 6c54dcd..6e9b752 100644
--- a/test/resource/overlord/test-chain-overlord-node2/cm-config.yaml
+++ b/test/resource/overlord/test-chain-overlord-node2/cm-config.yaml
@@ -5,27 +5,27 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdTCCARqgAwIBAgIUVvLZ6RqSgFcFc7iP8IeuJRTbi5EwCgYIKoZIzj0EAwIw + MIIBdDCCARqgAwIBAgIUe/Li6ogJuBqbYfIBoIRixxRVx+cwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ndjr/OcAE0uyIZpgnzMzwu6 - TdVBFSK0IdZHlie3q4pSpEG1eQJVzgcOGemPsiTdvAqrk8pf5Fl2OYoFRC1eNqMy - MDAwHQYDVR0OBBYEFNby2ekakoBXBXO4j/CHriUU24uRMA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSQAwRgIhALrPyzxBp/G+x6ErrUG3OkSx/NYA4l0JgTWh - 5X5Cc07yAiEAjIQZp1Y8E166rCHE2zfyHLPDZ0OLdQrFhRR+k1stqGc= + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvTA++E8lK6KJKUIMMUQM5tfH + BiyyA+B85dYkfiEFARPcFaqTYl1UCe581C6GWUi36/ZLmgozYKbL/Pre63AkI6My + MDAwHQYDVR0OBBYEFPvy4uqICbgam2HyAaCEYscUVcfnMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSAAwRQIhANb1AaJm6x7ii70cnrdNCbgI2roN+/PqGqKv + 01C8GiXaAiAbU7sVNkrPZqxYmWjBrShFfhdMr3LbzGwXMd5l3Whc0w== -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBgjCCASegAwIBAgIUfLRZmnKPdowESiL6KA7Z4nqH9uEwCgYIKoZIzj0EAwIw + MIIBgTCCASegAwIBAgIUZdz4S7fDaifzvmMJ1Qp0wMPbeDgwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDYxEDAOBgNVBAoMB0NJVEFIdWIxIjAgBgNVBAMT GXRlc3QtY2hhaW4tb3ZlcmxvcmQtbm9kZTIwWTATBgcqhkjOPQIBBggqhkjOPQMB - BwNCAATnYt7l5X7x1inAlblHDbA3/uMaiQ1z2SzZTMaXmqGYwESmPueiG3RQLLUo - 9rBfvsZ87nvrbvwI2nxg1X1vu7jroygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu - LW92ZXJsb3JkLW5vZGUyMAoGCCqGSM49BAMCA0kAMEYCIQCKHC+UdUnwHOHhWp+v - wWeD0hmQJliIOU/iJZT60ml0vwIhALS3skhOnTasa2HpJc64R3L9lB6ULIEfHpS1 - z90eSCQ0 + BwNCAARpc9C+aesPxXbZdVKYTgzoIU7FJYHr+JacIEAr0vlMyInljzOtuDR1M/fH + snteOBvJWhuKqjCBCr5vIxT6S0j4oygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu + LW92ZXJsb3JkLW5vZGUyMAoGCCqGSM49BAMCA0gAMEUCIC5WmoP5ZZFPSrmOiRsd + URXblwtutAYCkMtYgQm1f3faAiEA6pz7PCCcm8ypIBMU8rxuOADJnZ1emAQWRjiP + W/iMGD0= -----END CERTIFICATE----- """ chain_id = 
"f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" @@ -37,9 +37,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQghh3POD/cWs0J5U3T - 56Nlitvfl3sRyPKnlhXskN28deahRANCAATnYt7l5X7x1inAlblHDbA3/uMaiQ1z - 2SzZTMaXmqGYwESmPueiG3RQLLUo9rBfvsZ87nvrbvwI2nxg1X1vu7jr + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgUxzz9KPJUySiC/vo + xiQbvpIlxbDmxSQOmth33TVp9O6hRANCAARpc9C+aesPxXbZdVKYTgzoIU7FJYHr + +JacIEAr0vlMyInljzOtuDR1M/fHsnteOBvJWhuKqjCBCr5vIxT6S0j4 -----END PRIVATE KEY----- """ protocol = "quic" @@ -111,13 +111,17 @@ data: storage_port = 50003 [storage_opendal.cloud_storage] - access_key_id = "admin" - bucket = "cita-cloud" - endpoint = "http://minio:9000" - region = "cn-east-1" - root = "overlord" - secret_access_key = "testtest" - service_type = "s3" + access_key_id = "" + bucket = "" + endpoint = "" + region = "" + root = "" + secret_access_key = "" + service_type = "" + + [storage_opendal.exporter] + base_path = "http://my-bridge-bridge-service:8080" + chain_name = "test-chain-overlord" [storage_opendal.log_config] filter = "info" @@ -126,7 +130,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332160572 + timestamp = 1718694928407 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" 
@@ -135,10 +139,10 @@ data: chain_id = "f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" quota_limit = 1073741824 validators = [ - "91177beffce0c05a64fdbf40547c9bf2899c8cb5859ed7b9a6e20ac74e7579fdbd70a0f63e9b531392e5c8a0938d91b2", - "88999aa958d5c17998bafc0ce469a0375b1dd9d4e79f4dbf4630e54d9d6a01d67914d1a9be7e80cf862a9a95d47d01b0", - "95f246284995bc34f017672600a346c2f547306e3cb3e5563ca75549d31bea85e1a9faa5e77af9090d63fb1b57c70533", - "a1654c4c63b52c8264160aed0b28dafcf0ae8bfccff09552b36e17de2412a91d4fda4b49073cfeee4e763661d1ddfff9", + "95f4713a71709d77bfcdfe824bfd0b0a02d80f32480c55c005a56eab052f1caf4ff2afe1f0d28210f567fe51185dc343", + "902807e5e4558433c530c763529661255f89766a764f9586fc4f0a85a81045feadf426aff4af43ebfeb8dea50fd90b52", + "8e88e0465ee5f852acc718ffb064a916c93cfe8d838025383329087754253cbef6a755c797ae334f8425dc2f00ca2006", + "9656ab66de72f8e00031be1fd3504dc6ad7c7511660693bff3df68ec77e6f1ca5d23b1c5f9c23b296b4ce191b4f8a75a", ] version = 0 diff --git a/test/resource/overlord/test-chain-overlord-node3/cm-account.yaml b/test/resource/overlord/test-chain-overlord-node3/cm-account.yaml index 0cdfb56..3908dbe 100644 --- a/test/resource/overlord/test-chain-overlord-node3/cm-account.yaml +++ b/test/resource/overlord/test-chain-overlord-node3/cm-account.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: MjJiZjc1NDk3Y2I3YTFjZDhkNGZhMWYxOTcwMDQ2OWE1ZGY0NGUyYWNkOGE5MDY1OGZjZGViM2U5MGNjZjI2NA== + private_key: NTU5ZDU0ZGQ3ZjM5N2YwOTM2NGYyZGY5NTcyNTQ3MTcyYmIwZGUwNGUxOTRkMjJhMWMwMDljNDA1ZjY3MWY3Mw== data: - node_address: 22b04900bd6ff66b5d832245212ce0418cf196a7 - validator_address: a1654c4c63b52c8264160aed0b28dafcf0ae8bfccff09552b36e17de2412a91d4fda4b49073cfeee4e763661d1ddfff9 + node_address: 4baaa1f3e745e75246a68b759fec76cdee21f5b1 + validator_address: 9656ab66de72f8e00031be1fd3504dc6ad7c7511660693bff3df68ec77e6f1ca5d23b1c5f9c23b296b4ce191b4f8a75a metadata: labels: app.kubernetes.io/chain-name: test-chain-overlord 
diff --git a/test/resource/overlord/test-chain-overlord-node3/cm-config.yaml b/test/resource/overlord/test-chain-overlord-node3/cm-config.yaml
index f2aeefe..e158160 100644
--- a/test/resource/overlord/test-chain-overlord-node3/cm-config.yaml
+++ b/test/resource/overlord/test-chain-overlord-node3/cm-config.yaml
@@ -5,27 +5,27 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdTCCARqgAwIBAgIUVvLZ6RqSgFcFc7iP8IeuJRTbi5EwCgYIKoZIzj0EAwIw + MIIBdDCCARqgAwIBAgIUe/Li6ogJuBqbYfIBoIRixxRVx+cwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ndjr/OcAE0uyIZpgnzMzwu6 - TdVBFSK0IdZHlie3q4pSpEG1eQJVzgcOGemPsiTdvAqrk8pf5Fl2OYoFRC1eNqMy - MDAwHQYDVR0OBBYEFNby2ekakoBXBXO4j/CHriUU24uRMA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSQAwRgIhALrPyzxBp/G+x6ErrUG3OkSx/NYA4l0JgTWh - 5X5Cc07yAiEAjIQZp1Y8E166rCHE2zfyHLPDZ0OLdQrFhRR+k1stqGc= + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvTA++E8lK6KJKUIMMUQM5tfH + BiyyA+B85dYkfiEFARPcFaqTYl1UCe581C6GWUi36/ZLmgozYKbL/Pre63AkI6My + MDAwHQYDVR0OBBYEFPvy4uqICbgam2HyAaCEYscUVcfnMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSAAwRQIhANb1AaJm6x7ii70cnrdNCbgI2roN+/PqGqKv + 01C8GiXaAiAbU7sVNkrPZqxYmWjBrShFfhdMr3LbzGwXMd5l3Whc0w== -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBgTCCASegAwIBAgIUTjoeizwxM0sMhSbmjAaBWTfVOUYwCgYIKoZIzj0EAwIw + MIIBgTCCASegAwIBAgIUOE8Fft4Je1T4U83MGRrVo6+ZVm8wCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDYxEDAOBgNVBAoMB0NJVEFIdWIxIjAgBgNVBAMT GXRlc3QtY2hhaW4tb3ZlcmxvcmQtbm9kZTMwWTATBgcqhkjOPQIBBggqhkjOPQMB - BwNCAASApo+ZhzJyvUYQaQ1TIYhAjzDJIkcL1qkp4NtMa2ZvX/mPAYiWeBDF4x55 - lGnm04DukFlTGKiS/ahLAiywGHwLoygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu - LW92ZXJsb3JkLW5vZGUzMAoGCCqGSM49BAMCA0gAMEUCIEpLSQ2R4O0pShhyxVfC - Eq53JGROuZxFwppkDg2S6QySAiEAxX/a8mqgKG7qzeBYD7aDr29RsNlDIQxYGrmx - KKVIgC0= + BwNCAASpSgYonye4F/msB2OHua/Emugjb3kbyOqjmE0uciCG3QKzH4y2PEwpHLgM + DRw3l3hgQm3zyG0ZFRkcXJNzm0Y9oygwJjAkBgNVHREEHTAbghl0ZXN0LWNoYWlu + LW92ZXJsb3JkLW5vZGUzMAoGCCqGSM49BAMCA0gAMEUCIQDNyxtX/jwVd3dUeTz6 + GtwUW1EPgA5GM9JBn+dCcL+gyAIgZ+0Zd5GNDHIlwqn7Lgs91N6ROmJAKuplgE+3 + FDclNj0= -----END CERTIFICATE----- """ chain_id = 
"f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" @@ -37,9 +37,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgwGB9Ic1Z+gKgGcq2 - 6gRUgQsMKfvYlDPLr3HN1bW01aahRANCAASApo+ZhzJyvUYQaQ1TIYhAjzDJIkcL - 1qkp4NtMa2ZvX/mPAYiWeBDF4x55lGnm04DukFlTGKiS/ahLAiywGHwL + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg5+5r6lT+OQ3EBhGZ + kKmdm87QgjsDAMMecf7uJ6xo9h6hRANCAASpSgYonye4F/msB2OHua/Emugjb3kb + yOqjmE0uciCG3QKzH4y2PEwpHLgMDRw3l3hgQm3zyG0ZFRkcXJNzm0Y9 -----END PRIVATE KEY----- """ protocol = "quic" @@ -111,13 +111,17 @@ data: storage_port = 50003 [storage_opendal.cloud_storage] - access_key_id = "admin" - bucket = "cita-cloud" - endpoint = "http://minio:9000" - region = "cn-east-1" - root = "overlord" - secret_access_key = "testtest" - service_type = "s3" + access_key_id = "" + bucket = "" + endpoint = "" + region = "" + root = "" + secret_access_key = "" + service_type = "" + + [storage_opendal.exporter] + base_path = "http://my-bridge-bridge-service:8080" + chain_name = "test-chain-overlord" [storage_opendal.log_config] filter = "info" @@ -126,7 +130,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332160572 + timestamp = 1718694928407 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" 
@@ -135,10 +139,10 @@ data: chain_id = "f43b00f1e0d0b3b5a7c5692f622aa550f80612c3a8b73eec436cb02c1e616abe" quota_limit = 1073741824 validators = [ - "91177beffce0c05a64fdbf40547c9bf2899c8cb5859ed7b9a6e20ac74e7579fdbd70a0f63e9b531392e5c8a0938d91b2", - "88999aa958d5c17998bafc0ce469a0375b1dd9d4e79f4dbf4630e54d9d6a01d67914d1a9be7e80cf862a9a95d47d01b0", - "95f246284995bc34f017672600a346c2f547306e3cb3e5563ca75549d31bea85e1a9faa5e77af9090d63fb1b57c70533", - "a1654c4c63b52c8264160aed0b28dafcf0ae8bfccff09552b36e17de2412a91d4fda4b49073cfeee4e763661d1ddfff9", + "95f4713a71709d77bfcdfe824bfd0b0a02d80f32480c55c005a56eab052f1caf4ff2afe1f0d28210f567fe51185dc343", + "902807e5e4558433c530c763529661255f89766a764f9586fc4f0a85a81045feadf426aff4af43ebfeb8dea50fd90b52", + "8e88e0465ee5f852acc718ffb064a916c93cfe8d838025383329087754253cbef6a755c797ae334f8425dc2f00ca2006", + "9656ab66de72f8e00031be1fd3504dc6ad7c7511660693bff3df68ec77e6f1ca5d23b1c5f9c23b296b4ce191b4f8a75a", ] version = 0 diff --git a/test/resource/raft/test-chain-raft-node0/cm-account.yaml b/test/resource/raft/test-chain-raft-node0/cm-account.yaml index a9f4e8d..3aa93cf 100644 --- a/test/resource/raft/test-chain-raft-node0/cm-account.yaml +++ b/test/resource/raft/test-chain-raft-node0/cm-account.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: MmZhODEwNjliZmY3NzEyZTZmYzFmNTdjZWM0YzNjMzBlZTliNDRjMmU5M2YzNTBmNWE4YWI5NDg2ZWE5ZTVkMQ== + private_key: NWYzNzJiNGViNjU3MzlkZmFhZmU5MTM0MDhhZjU0N2ZjYmUzNTYzZTZlNGQ3Zjc4NDI5MTJkNGY3NzVjZGNiMw== data: - node_address: ac9a0cd0a9e60519b1575158044843dabeec1276 - validator_address: ac9a0cd0a9e60519b1575158044843dabeec1276 + node_address: a5093b0b475af7f69997ff014a302f6b96a7083b + validator_address: a5093b0b475af7f69997ff014a302f6b96a7083b metadata: labels: app.kubernetes.io/chain-name: test-chain-raft diff --git a/test/resource/raft/test-chain-raft-node0/cm-config.yaml b/test/resource/raft/test-chain-raft-node0/cm-config.yaml index 1629a94..08e7805 100644 
--- a/test/resource/raft/test-chain-raft-node0/cm-config.yaml
+++ b/test/resource/raft/test-chain-raft-node0/cm-config.yaml
@@ -5,26 +5,26 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdDCCARqgAwIBAgIUCjGECYVzGsUYw40WazW4OD3mP7swCgYIKoZIzj0EAwIw + MIIBdTCCARqgAwIBAgIUYj0sVWTdTX6qaQkeBB3J2T+j6qAwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXeKmAjEqtuu1TgHdoW2HBAxl - 0VobxKLIsRcdnNxE37sg+5QeQZhdVm2Br8TLNJ1ZbaQYmuDbgHq2rYto67KPfKMy - MDAwHQYDVR0OBBYEFIoxhAmFcxrFGMONFms1uDg95j+7MA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSAAwRQIgc48PEcKNylJ0B515Lw1ERKLPxZgJnx/gRi2p - 31TF5A8CIQCCU1YdO6sYHqZRnjyuOTfUNZW4S/rHwRZEUQkF06tYKQ== + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5PRdPVbTQfp2+nJQ0eEsIVt/ + a2/WXIYl4cDnMXWio68l+6k/EsslZLTJHiNPka38LrqW0AoGGLGxTcZFRVA5q6My + MDAwHQYDVR0OBBYEFGI9LFVk3U1+qmkJHgQdydk/o+qgMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSQAwRgIhAPUhpvQxM49ld1Xypr4qeK0lz+2kKe3Fb15J + jNa4WIX+AiEAnV7/ewGQ3iUzLbwRfu9EeU81HKbCvKZd3Bek8Zke7aU= -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBeTCCAR+gAwIBAgIUeoRbbBAiD3IVb/WO7Oj/vfw24+AwCgYIKoZIzj0EAwIw + MIIBeDCCAR+gAwIBAgIUXL0oxrL7fLv2LRJCDw3oI9fsXAYwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDIxEDAOBgNVBAoMB0NJVEFIdWIxHjAcBgNVBAMT FXRlc3QtY2hhaW4tcmFmdC1ub2RlMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA - BFlz+LeIQ1iMK5IPKa0q2gZ+AAKUFBes2huHvDNHmbiQ0UKvbW6wfVHCd25NFsKp - bl6VXKunbpww3Yap6nMHTy2jJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm - dC1ub2RlMDAKBggqhkjOPQQDAgNIADBFAiEAnz3QHPpaOYdnvzOVo139vt+fo5wQ - tdfyFwmNDbykVNYCIHvZ+Jn9GO4Z9bAH//Eev52aLtYHQBkFUzKkh05KnG4P + BEWeBKf9bBzs2xYSp001ZSn9Tsk0DfO0MDaUm+Hu3/uNZ17m19Nc2XLG5N8M5ncn + 8tjUFuinXZC3Fn733SSC6X2jJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm + dC1ub2RlMDAKBggqhkjOPQQDAgNHADBEAiAMx4jHz6mvIilVmcujOgI5Qt5DduXK + vICteZHFp/drjAIgTkTpEuHj6LBeFjkN3zAOXrXPtkJkujeTZlc3EkzbXWY= -----END CERTIFICATE----- """ chain_id = 
"dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" @@ -36,9 +36,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg1kEqaMxxpyUWM+Bz - BMsP8E1sw887HzXMc/NzRLlcm/ShRANCAARZc/i3iENYjCuSDymtKtoGfgAClBQX - rNobh7wzR5m4kNFCr21usH1RwnduTRbCqW5elVyrp26cMN2GqepzB08t + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgvj8NcB6B70YtxIjF + KRZO759cXFqmx5aJZ2ktMCZzJOGhRANCAARFngSn/Wwc7NsWEqdNNWUp/U7JNA3z + tDA2lJvh7t/7jWde5tfTXNlyxuTfDOZ3J/LY1Bbop12QtxZ+990kgul9 -----END PRIVATE KEY----- """ protocol = "quic" @@ -114,6 +114,10 @@ data: secret_access_key = "testtest" service_type = "s3" + [storage_opendal.exporter] + base_path = "" + chain_name = "test-chain-raft" + [storage_opendal.log_config] filter = "info" max_level = "info" @@ -121,7 +125,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332166410 + timestamp = 1718694932661 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" @@ -130,10 +134,10 @@ data: chain_id = "dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" quota_limit = 1073741824 validators = [ - "ac9a0cd0a9e60519b1575158044843dabeec1276", - "d5cc5d9443a4c1d8c0f3fc9650538981d8582adf", - "1355af5612e81327151faa0fe76fadeed495444a", - "90a7e0b542cf5ce4997b6b043f6771b1da1e7790", + "a5093b0b475af7f69997ff014a302f6b96a7083b", + "3decec23d841675a4ab21653cc4f5f0b13fb5e3c", + "05a403c866af1fe82f6f28492c5d4a9d1d4a6fb2", + "66b0ca5b80cf7e0639ab03130dead022112a703b", ] version = 0 diff --git a/test/resource/raft/test-chain-raft-node1/cm-account.yaml b/test/resource/raft/test-chain-raft-node1/cm-account.yaml index 818b830..0925fad 100644 --- a/test/resource/raft/test-chain-raft-node1/cm-account.yaml +++ b/test/resource/raft/test-chain-raft-node1/cm-account.yaml 
@@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: NTJmYWVkZjZlZTcwZTA3OTE0M2UyM2VmOTJiZjhiYThhODlhZTA4OTNjZWNjNzAxOTJhNzFlY2I4M2RmODM4NQ== + private_key: MjFkNTc0NGZlODU4ODE0ZTkzYWRhNTBhMjhjM2RmM2NkNzE4N2VkNjllNDAyMjdiMGIzZTM2NTFjYjQ5MjI4Mw== data: - node_address: d5cc5d9443a4c1d8c0f3fc9650538981d8582adf - validator_address: d5cc5d9443a4c1d8c0f3fc9650538981d8582adf + node_address: 3decec23d841675a4ab21653cc4f5f0b13fb5e3c + validator_address: 3decec23d841675a4ab21653cc4f5f0b13fb5e3c metadata: labels: app.kubernetes.io/chain-name: test-chain-raft diff --git a/test/resource/raft/test-chain-raft-node1/cm-config.yaml b/test/resource/raft/test-chain-raft-node1/cm-config.yaml index 33949be..043a9ee 100644 --- a/test/resource/raft/test-chain-raft-node1/cm-config.yaml +++ b/test/resource/raft/test-chain-raft-node1/cm-config.yaml 
@@ -5,26 +5,26 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdDCCARqgAwIBAgIUCjGECYVzGsUYw40WazW4OD3mP7swCgYIKoZIzj0EAwIw + MIIBdTCCARqgAwIBAgIUYj0sVWTdTX6qaQkeBB3J2T+j6qAwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXeKmAjEqtuu1TgHdoW2HBAxl - 0VobxKLIsRcdnNxE37sg+5QeQZhdVm2Br8TLNJ1ZbaQYmuDbgHq2rYto67KPfKMy - MDAwHQYDVR0OBBYEFIoxhAmFcxrFGMONFms1uDg95j+7MA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSAAwRQIgc48PEcKNylJ0B515Lw1ERKLPxZgJnx/gRi2p - 31TF5A8CIQCCU1YdO6sYHqZRnjyuOTfUNZW4S/rHwRZEUQkF06tYKQ== + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5PRdPVbTQfp2+nJQ0eEsIVt/ + a2/WXIYl4cDnMXWio68l+6k/EsslZLTJHiNPka38LrqW0AoGGLGxTcZFRVA5q6My + MDAwHQYDVR0OBBYEFGI9LFVk3U1+qmkJHgQdydk/o+qgMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSQAwRgIhAPUhpvQxM49ld1Xypr4qeK0lz+2kKe3Fb15J + jNa4WIX+AiEAnV7/ewGQ3iUzLbwRfu9EeU81HKbCvKZd3Bek8Zke7aU= -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBeTCCAR+gAwIBAgIUaPfs7veWJmuiQPyQsxQBo72sbMgwCgYIKoZIzj0EAwIw + MIIBeTCCAR+gAwIBAgIUd4MJPxb7TEE7/A7BjKiR+PwazsowCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDIxEDAOBgNVBAoMB0NJVEFIdWIxHjAcBgNVBAMT FXRlc3QtY2hhaW4tcmFmdC1ub2RlMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA - BDEZw2SYgky7Pgy8DeSa/ANaLVjSYmprJQOoiLS7N4MRW5rH5YsT7wOxd6sTk50v - cRmoSEmT+ZzuYogXYlJMV+ajJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm - dC1ub2RlMTAKBggqhkjOPQQDAgNIADBFAiEAyDnwsRgxoxVcargtin3CbfmAlCEu - 1uDeUOEh1s0jK2oCICIFFqnILyJ6Q86jB0OH6RmhyuXAjabOai+Am9AROOGU + BN0pYACxA2q61dfY8aDJ36zPrV3/DmlmccMpsqQMwxvxVrulnDcH3LmZTlVwqzFc + 2rUygAkiULbjKkuNAUOqZNSjJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm + dC1ub2RlMTAKBggqhkjOPQQDAgNIADBFAiEAmHVt30TdGvYPp9DJwYxeqaJLBrjn + oYPzSn3WTc64MNYCIGDt5Mj0Y3Ly3cgNmZFVl67Ulp465+Qj8M3YPcj57lIV -----END CERTIFICATE----- """ chain_id = 
"dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" @@ -36,9 +36,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/G3+JCl+bOM1tnEY - 6SHEmOlTPaTmJyuqKNwXCagDdLyhRANCAAQxGcNkmIJMuz4MvA3kmvwDWi1Y0mJq - ayUDqIi0uzeDEVuax+WLE+8DsXerE5OdL3EZqEhJk/mc7mKIF2JSTFfm + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgOr6uQRG+rbQ+HEWL + Muz+AV8WMQo+Pc5IOip1DkQSH2KhRANCAATdKWAAsQNqutXX2PGgyd+sz61d/w5p + ZnHDKbKkDMMb8Va7pZw3B9y5mU5VcKsxXNq1MoAJIlC24ypLjQFDqmTU -----END PRIVATE KEY----- """ protocol = "quic" @@ -114,6 +114,10 @@ data: secret_access_key = "testtest" service_type = "s3" + [storage_opendal.exporter] + base_path = "" + chain_name = "test-chain-raft" + [storage_opendal.log_config] filter = "info" max_level = "info" @@ -121,7 +125,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332166410 + timestamp = 1718694932661 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" @@ -130,10 +134,10 @@ data: chain_id = "dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" quota_limit = 1073741824 validators = [ - "ac9a0cd0a9e60519b1575158044843dabeec1276", - "d5cc5d9443a4c1d8c0f3fc9650538981d8582adf", - "1355af5612e81327151faa0fe76fadeed495444a", - "90a7e0b542cf5ce4997b6b043f6771b1da1e7790", + "a5093b0b475af7f69997ff014a302f6b96a7083b", + "3decec23d841675a4ab21653cc4f5f0b13fb5e3c", + "05a403c866af1fe82f6f28492c5d4a9d1d4a6fb2", + "66b0ca5b80cf7e0639ab03130dead022112a703b", ] version = 0 diff --git a/test/resource/raft/test-chain-raft-node2/cm-account.yaml b/test/resource/raft/test-chain-raft-node2/cm-account.yaml index 9dceca2..d87eaa0 100644 --- a/test/resource/raft/test-chain-raft-node2/cm-account.yaml +++ b/test/resource/raft/test-chain-raft-node2/cm-account.yaml 
@@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: NDQ4YjRkNzEyNjIyODRiYzVhMWYzYWEyMjRkNzcxOGQwZTY4MmNjODkyMWQ2NjkxMDM0MWI5M2VmODZiNDk2YQ== + private_key: MWQ3Y2JjZGY5OTE5NTRlNWM5Y2UxNDk2NzhlY2Q1YjViODc2YmZhMDFiOGI2OWJhYjk4NzJmM2RlNjZmM2JlYQ== data: - node_address: 1355af5612e81327151faa0fe76fadeed495444a - validator_address: 1355af5612e81327151faa0fe76fadeed495444a + node_address: 05a403c866af1fe82f6f28492c5d4a9d1d4a6fb2 + validator_address: 05a403c866af1fe82f6f28492c5d4a9d1d4a6fb2 metadata: labels: app.kubernetes.io/chain-name: test-chain-raft diff --git a/test/resource/raft/test-chain-raft-node2/cm-config.yaml b/test/resource/raft/test-chain-raft-node2/cm-config.yaml index 8275d17..25d36aa 100644 --- a/test/resource/raft/test-chain-raft-node2/cm-config.yaml +++ b/test/resource/raft/test-chain-raft-node2/cm-config.yaml 
@@ -5,26 +5,26 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdDCCARqgAwIBAgIUCjGECYVzGsUYw40WazW4OD3mP7swCgYIKoZIzj0EAwIw + MIIBdTCCARqgAwIBAgIUYj0sVWTdTX6qaQkeBB3J2T+j6qAwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXeKmAjEqtuu1TgHdoW2HBAxl - 0VobxKLIsRcdnNxE37sg+5QeQZhdVm2Br8TLNJ1ZbaQYmuDbgHq2rYto67KPfKMy - MDAwHQYDVR0OBBYEFIoxhAmFcxrFGMONFms1uDg95j+7MA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSAAwRQIgc48PEcKNylJ0B515Lw1ERKLPxZgJnx/gRi2p - 31TF5A8CIQCCU1YdO6sYHqZRnjyuOTfUNZW4S/rHwRZEUQkF06tYKQ== + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5PRdPVbTQfp2+nJQ0eEsIVt/ + a2/WXIYl4cDnMXWio68l+6k/EsslZLTJHiNPka38LrqW0AoGGLGxTcZFRVA5q6My + MDAwHQYDVR0OBBYEFGI9LFVk3U1+qmkJHgQdydk/o+qgMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSQAwRgIhAPUhpvQxM49ld1Xypr4qeK0lz+2kKe3Fb15J + jNa4WIX+AiEAnV7/ewGQ3iUzLbwRfu9EeU81HKbCvKZd3Bek8Zke7aU= -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBeTCCAR+gAwIBAgIUQ3UETwGs2DVmSAW0i0aWXg7F3kAwCgYIKoZIzj0EAwIw + MIIBejCCAR+gAwIBAgIUKT0cwbSRjY4L0+HVtyN4N10GMHUwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDIxEDAOBgNVBAoMB0NJVEFIdWIxHjAcBgNVBAMT FXRlc3QtY2hhaW4tcmFmdC1ub2RlMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA - BCkaOm5DrEmCx39HUwqGYRG8vQ2PNnZagkXoxqg3MA+VVhKUzhGO7YhpQbly40vo - hVGav9CTuvzzEc7S66ItaVajJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm - dC1ub2RlMjAKBggqhkjOPQQDAgNIADBFAiEAjCxNLKy6P5lqXcQxYlrAhXsoQTnn - 9r4u8ortRBLRqC8CIHcyTzhDGtaHpdDBu8UJc2xGBKhe9RnykD/ccraqOViD + BMcbDhuWaOhzrPXWRiIOYQxLZUlByncr25ICCXINybsAuchdU4JTbUOC0eYj016w + snptJ/ILq6AFyHGg5yhL6jCjJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm + dC1ub2RlMjAKBggqhkjOPQQDAgNJADBGAiEAvzlEK/1+W377VRSq405nHy0mhm0x + NERzRIImgJjoHQgCIQCiixw6oS3ee9c/n31fBfSwx4Xgfiha8CZsny0TM9jxHw== -----END CERTIFICATE----- """ chain_id = 
"dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" @@ -36,9 +36,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgW2QfDnKMCeqXdkr5 - kZ1Dn6yCUlz7S4+38kwGfBLQTWShRANCAAQpGjpuQ6xJgsd/R1MKhmERvL0NjzZ2 - WoJF6MaoNzAPlVYSlM4Rju2IaUG5cuNL6IVRmr/Qk7r88xHO0uuiLWlW + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQguuT9+q9EFuNVTV47 + 4wCJqM/yhkivxyxAfAlXG9pktOmhRANCAATHGw4blmjoc6z11kYiDmEMS2VJQcp3 + K9uSAglyDcm7ALnIXVOCU21DgtHmI9NesLJ6bSfyC6ugBchxoOcoS+ow -----END PRIVATE KEY----- """ protocol = "quic" @@ -114,6 +114,10 @@ data: secret_access_key = "testtest" service_type = "s3" + [storage_opendal.exporter] + base_path = "" + chain_name = "test-chain-raft" + [storage_opendal.log_config] filter = "info" max_level = "info" @@ -121,7 +125,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332166410 + timestamp = 1718694932661 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" @@ -130,10 +134,10 @@ data: chain_id = "dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" quota_limit = 1073741824 validators = [ - "ac9a0cd0a9e60519b1575158044843dabeec1276", - "d5cc5d9443a4c1d8c0f3fc9650538981d8582adf", - "1355af5612e81327151faa0fe76fadeed495444a", - "90a7e0b542cf5ce4997b6b043f6771b1da1e7790", + "a5093b0b475af7f69997ff014a302f6b96a7083b", + "3decec23d841675a4ab21653cc4f5f0b13fb5e3c", + "05a403c866af1fe82f6f28492c5d4a9d1d4a6fb2", + "66b0ca5b80cf7e0639ab03130dead022112a703b", ] version = 0 diff --git a/test/resource/raft/test-chain-raft-node3/cm-account.yaml b/test/resource/raft/test-chain-raft-node3/cm-account.yaml index d994ead..b1c5e2c 100644 --- a/test/resource/raft/test-chain-raft-node3/cm-account.yaml +++ b/test/resource/raft/test-chain-raft-node3/cm-account.yaml 
@@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap binaryData: - private_key: Mjg5NGQ2ODE0ZDQyMDQyOGI2ZmY2MWNjODMzYTU0NzM5MmMxMGFlMWI3OTJhMGY0Y2FhNmQ2MDc2OGE5ZDU2YQ== + private_key: NmE5NGUyY2UyOWI4YTczNzMzMGI0MzhkZWI3YTlmNGNjYjY4NGE3ZGJhZWZhNmM3YWE2Y2YzN2I1YjA0YzllZg== data: - node_address: 90a7e0b542cf5ce4997b6b043f6771b1da1e7790 - validator_address: 90a7e0b542cf5ce4997b6b043f6771b1da1e7790 + node_address: 66b0ca5b80cf7e0639ab03130dead022112a703b + validator_address: 66b0ca5b80cf7e0639ab03130dead022112a703b metadata: labels: app.kubernetes.io/chain-name: test-chain-raft diff --git a/test/resource/raft/test-chain-raft-node3/cm-config.yaml b/test/resource/raft/test-chain-raft-node3/cm-config.yaml index 818874c..b24c6ad 100644 --- a/test/resource/raft/test-chain-raft-node3/cm-config.yaml +++ b/test/resource/raft/test-chain-raft-node3/cm-config.yaml 
@@ -5,26 +5,26 @@ data: [network_zenoh] ca_cert = """ -----BEGIN CERTIFICATE----- - MIIBdDCCARqgAwIBAgIUCjGECYVzGsUYw40WazW4OD3mP7swCgYIKoZIzj0EAwIw + MIIBdTCCARqgAwIBAgIUYj0sVWTdTX6qaQkeBB3J2T+j6qAwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMB8xEDAOBgNVBAoMB0NJVEFIdWIxCzAJBgNVBAMT - AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXeKmAjEqtuu1TgHdoW2HBAxl - 0VobxKLIsRcdnNxE37sg+5QeQZhdVm2Br8TLNJ1ZbaQYmuDbgHq2rYto67KPfKMy - MDAwHQYDVR0OBBYEFIoxhAmFcxrFGMONFms1uDg95j+7MA8GA1UdEwEB/wQFMAMB - Af8wCgYIKoZIzj0EAwIDSAAwRQIgc48PEcKNylJ0B515Lw1ERKLPxZgJnx/gRi2p - 31TF5A8CIQCCU1YdO6sYHqZRnjyuOTfUNZW4S/rHwRZEUQkF06tYKQ== + AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5PRdPVbTQfp2+nJQ0eEsIVt/ + a2/WXIYl4cDnMXWio68l+6k/EsslZLTJHiNPka38LrqW0AoGGLGxTcZFRVA5q6My + MDAwHQYDVR0OBBYEFGI9LFVk3U1+qmkJHgQdydk/o+qgMA8GA1UdEwEB/wQFMAMB + Af8wCgYIKoZIzj0EAwIDSQAwRgIhAPUhpvQxM49ld1Xypr4qeK0lz+2kKe3Fb15J + jNa4WIX+AiEAnV7/ewGQ3iUzLbwRfu9EeU81HKbCvKZd3Bek8Zke7aU= -----END CERTIFICATE----- """ cert = """ -----BEGIN CERTIFICATE----- - MIIBejCCAR+gAwIBAgIUPtqB83hhKSlAQSA0gkvNEg03vh4wCgYIKoZIzj0EAwIw + MIIBeTCCAR+gAwIBAgIUZ/aZCZBbbhBe1j0RQsktFHaK+zkwCgYIKoZIzj0EAwIw HzEQMA4GA1UECgwHQ0lUQUh1YjELMAkGA1UEAxMCQ0EwIBcNNzUwMTAxMDAwMDAw WhgPNDA5NjAxMDEwMDAwMDBaMDIxEDAOBgNVBAoMB0NJVEFIdWIxHjAcBgNVBAMT FXRlc3QtY2hhaW4tcmFmdC1ub2RlMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA - BMQ1GBP8w9RggRAQF+vYQghpTL9w8jDjUOuB/flWbu0KKkfsp1QmsE3mqhn0ksnK - J2tYSl1LA0CnIUI8vYcxt3WjJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm - dC1ub2RlMzAKBggqhkjOPQQDAgNJADBGAiEAz+9Pf8tsyiyZuG2yjKVB4qzYlqNm - Ozc3PRSO8HFHNvYCIQCphBAe3DfjoReEQbFIbzmKNNMamt9iAEjv6eTiNLfJmQ== + BK9dJQ6zxEm9F+tnWc8WP81TrkQWH6wzDWoXLljIWOW6V0zeFqAXwDcLytLsakQj + bqAK0VAIEHzFQopsE4ItodejJDAiMCAGA1UdEQQZMBeCFXRlc3QtY2hhaW4tcmFm + dC1ub2RlMzAKBggqhkjOPQQDAgNIADBFAiEAmtnxaFxOog/lVKZaSjT+uu3r0WrU + 5ioKBK8u6/PqrXkCIHBkrklIZHTL6erLhcOj9p+X4oSXz7zA86aNWLJb4ra/ -----END CERTIFICATE----- """ chain_id = 
"dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" @@ -36,9 +36,9 @@ data: port = 40000 priv_key = """ -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgUJBsNoyIx40QWG+c - 4v63yCnD/a8y4WHroziDAcZWaGChRANCAATENRgT/MPUYIEQEBfr2EIIaUy/cPIw - 41Drgf35Vm7tCipH7KdUJrBN5qoZ9JLJyidrWEpdSwNApyFCPL2HMbd1 + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgzO7PCykPsw2r25m1 + EY45ni8ZFzkQfZ47KKbcJhnH4bOhRANCAASvXSUOs8RJvRfrZ1nPFj/NU65EFh+s + Mw1qFy5YyFjluldM3hagF8A3C8rS7GpEI26gCtFQCBB8xUKKbBOCLaHX -----END PRIVATE KEY----- """ protocol = "quic" @@ -114,6 +114,10 @@ data: secret_access_key = "testtest" service_type = "s3" + [storage_opendal.exporter] + base_path = "" + chain_name = "test-chain-raft" + [storage_opendal.log_config] filter = "info" max_level = "info" @@ -121,7 +125,7 @@ data: [genesis_block] prevhash = "0x0000000000000000000000000000000000000000000000000000000000000000" - timestamp = 1710332166410 + timestamp = 1718694932661 [system_config] admin = "9bab5858df4a9e84ff3958884a01a4fce5e07edb" @@ -130,10 +134,10 @@ data: chain_id = "dc4257d3bdc69554939072abac52e72b6c4a0b8d00c6fda5bc1bacbc5a4cb00f" quota_limit = 1073741824 validators = [ - "ac9a0cd0a9e60519b1575158044843dabeec1276", - "d5cc5d9443a4c1d8c0f3fc9650538981d8582adf", - "1355af5612e81327151faa0fe76fadeed495444a", - "90a7e0b542cf5ce4997b6b043f6771b1da1e7790", + "a5093b0b475af7f69997ff014a302f6b96a7083b", + "3decec23d841675a4ab21653cc4f5f0b13fb5e3c", + "05a403c866af1fe82f6f28492c5d4a9d1d4a6fb2", + "66b0ca5b80cf7e0639ab03130dead022112a703b", ] version = 0 diff --git a/test/resource/update_chain_config.sh b/test/resource/update_chain_config.sh index 02a3a5b..a9aa2ae 100755 --- a/test/resource/update_chain_config.sh +++ b/test/resource/update_chain_config.sh 
@@ -2,8 +2,8 @@ mkdir tmp && cd tmp echo "update-overlord..." -docker run -it --rm -v $(pwd):/data -w /data registry.devops.rivtower.com/cita-cloud/cloud-config cloud-config create --chain-name test-chain-overlord --admin 0x9bab5858df4a9e84ff3958884a01a4fce5e07edb --nodelist localhost:40000:node0:k8s,localhost:40001:node1:k8s,localhost:40002:node2:k8s,localhost:40003:node3:k8s --consensus_image consensus_overlord --enable-tx-persistence --access-key-id admin --secret-access-key testtest --s3-endpoint http://minio:9000 --s3-bucket cita-cloud --service-type s3 --s3-root overlord --s3-region cn-east-1 -docker run -it --rm -v $(pwd):/data -w /data registry.devops.rivtower.com/cita-cloud/cloud-config cloud-config append --chain-name test-chain-overlord --node localhost:40004:node4:k8s --enable-tx-persistence --access-key-id admin --secret-access-key testtest --s3-endpoint http://minio:9000 --s3-bucket cita-cloud --service-type s3 --s3-root overlord --s3-region cn-east-1 +docker run -it --rm -v $(pwd):/data -w /data registry.devops.rivtower.com/cita-cloud/cloud-config cloud-config create --chain-name test-chain-overlord --admin 0x9bab5858df4a9e84ff3958884a01a4fce5e07edb --nodelist localhost:40000:node0:k8s,localhost:40001:node1:k8s,localhost:40002:node2:k8s,localhost:40003:node3:k8s --consensus_image consensus_overlord --enable-tx-persistence --exporter-path http://my-bridge-bridge-service:8080 +docker run -it --rm -v $(pwd):/data -w /data registry.devops.rivtower.com/cita-cloud/cloud-config cloud-config append --chain-name test-chain-overlord --node localhost:40004:node4:k8s --enable-tx-persistence --exporter-path http://my-bridge-bridge-service:8080 docker run -it --rm -v $(pwd):/data -w /data registry.devops.rivtower.com/cita-cloud/cloud-config cloud-config update-yaml --chain-name test-chain-overlord --docker-registry registry.devops.rivtower.com --docker-repo cita-cloud --pull-policy Always --storage-class nfs-client --domain node0 --disable-health-check 
--access-mode ReadWriteOnce docker run -it --rm -v $(pwd):/data -w /data registry.devops.rivtower.com/cita-cloud/cloud-config cloud-config update-yaml --chain-name test-chain-overlord --docker-registry registry.devops.rivtower.com --docker-repo cita-cloud --pull-policy Always --storage-class nfs-client --domain node1 --disable-health-check --access-mode ReadWriteOnce