From 1bdbb7c5386eca608739fd16e82b8033ea48929a Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Wed, 3 Apr 2024 14:36:59 +0000 Subject: [PATCH] feat: version upgrades for opensearch and operators --- charts/kubezero-operators/README.md | 6 +- .../charts/eck-operator/Chart.yaml | 4 +- .../charts/eck-operator/crds/all-crds.yaml | 9822 ++++++++--------- .../eck-operator/templates/_helpers.tpl | 13 + .../templates/auth-proxy-service.yaml | 22 + .../eck-operator/templates/cluster-roles.yaml | 25 + .../eck-operator/templates/configmap.yaml | 10 +- .../templates/operator-network-policy.yaml | 2 +- .../eck-operator/templates/podMonitor.yaml | 12 +- .../eck-operator/templates/role-bindings.yaml | 18 + .../templates/serviceMonitor.yaml | 31 + .../eck-operator/templates/statefulset.yaml | 51 +- .../charts/eck-operator/values.yaml | 76 +- charts/kubezero-telemetry/Chart.yaml | 4 +- charts/kubezero-telemetry/values.yaml | 4 +- charts/kubezero/values.yaml | 4 +- 16 files changed, 5008 insertions(+), 5096 deletions(-) create mode 100644 charts/kubezero-operators/charts/eck-operator/templates/auth-proxy-service.yaml create mode 100644 charts/kubezero-operators/charts/eck-operator/templates/serviceMonitor.yaml diff --git a/charts/kubezero-operators/README.md b/charts/kubezero-operators/README.md index 8cdb1de..a2c4dff 100644 --- a/charts/kubezero-operators/README.md +++ b/charts/kubezero-operators/README.md @@ -1,6 +1,6 @@ # kubezero-operators -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) Various operators supported by KubeZero @@ -19,7 +19,7 @@ Kubernetes: `>= 1.26.0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://helm.elastic.co | eck-operator | 2.11.1 | +| https://helm.elastic.co | eck-operator | 2.12.1 | | https://opensearch-project.github.io/opensearch-k8s-operator/ | opensearch-operator | 2.5.1 | ## Values @@ -34,6 +34,8 @@ Kubernetes: `>= 1.26.0` | opensearch-operator.enabled | bool | `false` | | | opensearch-operator.fullnameOverride | string | `"opensearch-operator"` | | | opensearch-operator.kubeRbacProxy.enable | bool | `false` | | +| opensearch-operator.manager.extraEnv[0].name | string | `"SKIP_INIT_CONTAINER"` | | +| opensearch-operator.manager.extraEnv[0].value | string | `"true"` | | | opensearch-operator.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | opensearch-operator.tolerations[0].effect | string | `"NoSchedule"` | | | opensearch-operator.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | diff --git a/charts/kubezero-operators/charts/eck-operator/Chart.yaml b/charts/kubezero-operators/charts/eck-operator/Chart.yaml index 8648f8c..6b26101 100644 --- a/charts/kubezero-operators/charts/eck-operator/Chart.yaml +++ b/charts/kubezero-operators/charts/eck-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.11.1 +appVersion: 2.12.1 description: Elastic Cloud on Kubernetes (ECK) operator home: https://github.com/elastic/cloud-on-k8s icon: https://helm.elastic.co/icons/eck.png @@ -18,4 +18,4 @@ maintainers: name: Elastic name: eck-operator type: application -version: 2.11.1 +version: 2.12.1 diff --git a/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml b/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml index 7209640..ffe87cc 100644 --- a/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml +++ b/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml @@ -4,13 +4,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: agents.agent.k8s.elastic.co spec: group: agent.k8s.elastic.co @@ -50,14 +50,19 @@ spec: description: Agent is the Schema for the Agents API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -70,19 +75,19 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Agent configuration. Agent settings must be specified - as yaml, under a single "agent.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. + description: |- + ConfigRef contains a reference to an existing Kubernetes Secret holding the Agent configuration. + Agent settings must be specified as yaml, under a single "agent.yml" entry. At most one of [`Config`, `ConfigRef`] + can be specified. properties: secretName: description: SecretName is the name of the secret. type: string type: object daemonSet: - description: DaemonSet specifies the Agent should be deployed as a - DaemonSet, and allows providing its spec. Cannot be used along with - `deployment` or `statefulSet`. + description: |- + DaemonSet specifies the Agent should be deployed as a DaemonSet, and allows providing its spec. + Cannot be used along with `deployment` or `statefulSet`. properties: podTemplate: description: PodTemplateSpec describes the data a pod should have @@ -94,59 +99,56 @@ spec: the update strategy for a DaemonSet. properties: rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow - our convention for oneOf, whatever we decide it to be. Same - as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + description: |- + Rolling update config params. Present only if type = "RollingUpdate". + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. Same as Deployment `strategy.rollingUpdate`. + See https://github.com/kubernetes/kubernetes/issues/35345 properties: maxSurge: anyOf: - type: integer - type: string - description: 'The maximum number of nodes with an existing - available DaemonSet pod that can have an updated DaemonSet - pod during during an update. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: - 10%). This can not be 0 if MaxUnavailable is 0. Absolute - number is calculated from percentage by rounding up - to a minimum of 1. Default value is 0. Example: when - this is set to 30%, at most 30% of the total number - of nodes that should be running the daemon pod (i.e. - status.desiredNumberScheduled) can have their a new - pod created before the old pod is marked as deleted. - The update starts by launching new pods on 30% of nodes. - Once an updated pod is available (Ready for at least - minReadySeconds) the old DaemonSet pod on that node - is marked deleted. If the old pod becomes unavailable - for any reason (Ready transitions to false, is evicted, - or is drained) an updated pod is immediatedly created - on that node without considering surge limits. Allowing - surge implies the possibility that the resources consumed - by the daemonset on any given node can double if the - readiness check fails, and so resource intensive daemonsets - should take into account that they may cause evictions - during disruption.' + description: |- + The maximum number of nodes with an existing available DaemonSet pod that + can have an updated DaemonSet pod during during an update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up to a minimum of 1. + Default value is 0. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their a new pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. Once an updated + pod is available (Ready for at least minReadySeconds) the old DaemonSet pod + on that node is marked deleted. If the old pod becomes unavailable for any + reason (Ready transitions to false, is evicted, or is drained) an updated + pod is immediatedly created on that node without considering surge limits. + Allowing surge implies the possibility that the resources consumed by the + daemonset on any given node can double if the readiness check fails, and + so resource intensive daemonsets should take into account that they may + cause evictions during disruption. x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0 if MaxSurge is 0 Default value - is 1. Example: when this is set to 30%, at most 30% - of the total number of nodes that should be running - the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods - in their place. Once the new pods are available, it - then proceeds onto other DaemonSet pods, thus ensuring - that at least 70% of original number of DaemonSet pods - are available at all times during the update.' + description: |- + The maximum number of DaemonSet pods that can be unavailable during the + update. Value can be an absolute number (ex: 5) or a percentage of total + number of DaemonSet pods at the start of the update (ex: 10%). Absolute + number is calculated from percentage by rounding up. + This cannot be 0 if MaxSurge is 0 + Default value is 1. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. The update + starts by stopping at most 30% of those DaemonSet pods and then brings + up new DaemonSet pods in their place. Once the new pods are available, + it then proceeds onto other DaemonSet pods, thus ensuring that at least + 70% of original number of DaemonSet pods are available at all times during + the update. x-kubernetes-int-or-string: true type: object type: @@ -156,9 +158,9 @@ spec: type: object type: object deployment: - description: Deployment specifies the Agent should be deployed as - a Deployment, and allows providing its spec. Cannot be used along - with `daemonSet` or `statefulSet`. + description: |- + Deployment specifies the Agent should be deployed as a Deployment, and allows providing its spec. + Cannot be used along with `daemonSet` or `statefulSet`. properties: podTemplate: description: PodTemplateSpec describes the data a pod should have @@ -173,45 +175,45 @@ spec: pods with new ones. properties: rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update - this to follow our convention for oneOf, whatever we decide - it to be.' + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. properties: maxSurge: anyOf: - type: integer - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: - 10%). This can not be 0 if MaxUnavailable is 0. Absolute - number is calculated from percentage by rounding up. - Defaults to 25%. Example: when this is set to 30%, the - new ReplicaSet can be scaled up immediately when the - rolling update starts, such that the total number of - old and new pods do not exceed 130% of desired pods. - Once old pods have been killed, new ReplicaSet can be - scaled up further, ensuring that total number of pods - running at any time during the update is at most 130% - of desired pods.' + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. - Example: when this is set to 30%, the old ReplicaSet - can be scaled down to 70% of desired pods immediately - when the rolling update starts. Once new pods are ready, - old ReplicaSet can be scaled down further, followed - by scaling up the new ReplicaSet, ensuring that the - total number of pods available at all times during the - update is at least 70% of desired pods.' + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. x-kubernetes-int-or-string: true type: object type: @@ -221,9 +223,9 @@ spec: type: object type: object elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of Elasticsearch - clusters running in the same Kubernetes cluster. Due to existing - limitations, only a single ES cluster is currently supported. + description: |- + ElasticsearchRefs is a reference to a list of Elasticsearch clusters running in the same Kubernetes cluster. + Due to existing limitations, only a single ES cluster is currently supported. items: properties: name: @@ -237,23 +239,20 @@ spec: outputName: type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: - the password of the user to be authenticated to the Elastic - resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the other fields - name, namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced - resource is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -262,9 +261,9 @@ spec: launch Fleet Server. Don't set unless `mode` is set to `fleet`. type: boolean fleetServerRef: - description: FleetServerRef is a reference to Fleet Server that this - Agent should connect to to obtain it's configuration. Don't set - unless `mode` is set to `fleet`. + description: |- + FleetServerRef is a reference to Fleet Server that this Agent should connect to to obtain it's configuration. + Don't set unless `mode` is set to `fleet`. properties: name: description: Name of an existing Kubernetes object corresponding @@ -275,23 +274,20 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object http: @@ -303,9 +299,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -328,257 +324,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -588,23 +563,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -615,36 +590,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -655,33 +629,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -689,12 +662,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -731,9 +706,9 @@ spec: to match the Agent in the image. type: string kibanaRef: - description: KibanaRef is a reference to Kibana where Fleet should - be set up and this Agent should be enrolled. Don't set unless `mode` - is set to `fleet`. + description: |- + KibanaRef is a reference to Kibana where Fleet should be set up and this Agent should be enrolled. Don't set + unless `mode` is set to `fleet`. properties: name: description: Name of an existing Kubernetes object corresponding @@ -744,38 +719,35 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object mode: - description: Mode specifies the source of configuration for the Agent. - The configuration can be specified locally through `config` or `configRef` - (`standalone` mode), or come from Fleet during runtime (`fleet` - mode). Defaults to `standalone` mode. + description: |- + Mode specifies the source of configuration for the Agent. The configuration can be specified locally through + `config` or `configRef` (`standalone` mode), or come from Fleet during runtime (`fleet` mode). + Defaults to `standalone` mode. enum: - standalone - fleet type: string policyID: - description: PolicyID determines into which Agent Policy this Agent - will be enrolled. This field will become mandatory in a future release, - default policies are deprecated since 8.1.0. + description: |- + PolicyID determines into which Agent Policy this Agent will be enrolled. + This field will become mandatory in a future release, default policies are deprecated since 8.1.0. type: string revisionHistoryLimit: description: RevisionHistoryLimit is the number of revisions to retain @@ -783,20 +755,19 @@ spec: format: int32 type: integer secureSettings: - description: SecureSettings is a list of references to Kubernetes - Secrets containing sensitive configuration options for the Agent. - Secrets data can be then referenced in the Agent config using the - Secret's keys or as specified in `Entries` field of each SecureSetting. + description: |- + SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Agent. + Secrets data can be then referenced in the Agent config using the Secret's keys or as specified in `Entries` field of + each SecureSetting. items: description: SecretSource defines a data source based on a Kubernetes Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -805,9 +776,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -821,27 +792,26 @@ spec: type: object type: array serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to an Elasticsearch resource in a different namespace. + description: |- + ServiceAccountName is used to check access from the current resource to an Elasticsearch resource in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string statefulSet: - description: StatefulSet specifies the Agent should be deployed as - a StatefulSet, and allows providing its spec. Cannot be used along - with `daemonSet` or `deployment`. + description: |- + StatefulSet specifies the Agent should be deployed as a StatefulSet, and allows providing its spec. + Cannot be used along with `daemonSet` or `deployment`. properties: podManagementPolicy: default: Parallel - description: PodManagementPolicy controls how pods are created - during initial scale up, when replacing pods on nodes, or when - scaling down. The default policy is `Parallel`, where pods are - created in parallel to match the desired scale without waiting, - and on scale down will delete all pods at once. The alternative - policy is `OrderedReady`, the default for vanilla kubernetes - StatefulSets, where pods are created in increasing order in - increasing order (pod-0, then pod-1, etc.) and the controller - will wait until each pod is ready before continuing. When scaling - down, the pods are removed in the opposite order. + description: |- + PodManagementPolicy controls how pods are created during initial scale up, + when replacing pods on nodes, or when scaling down. The default policy is + `Parallel`, where pods are created in parallel to match the desired scale + without waiting, and on scale down will delete all pods at once. + The alternative policy is `OrderedReady`, the default for vanilla kubernetes + StatefulSets, where pods are created in increasing order in increasing order + (pod-0, then pod-1, etc.) and the controller will wait until each pod is ready before + continuing. When scaling down, the pods are removed in the opposite order. enum: - OrderedReady - Parallel @@ -857,29 +827,33 @@ spec: serviceName: type: string volumeClaimTemplates: - description: VolumeClaimTemplates is a list of persistent volume - claims to be used by each Pod. Every claim in this list must - have a matching volumeMount in one of the containers defined - in the PodTemplate. Items defined here take precedence over - any default claims added by the operator with the same name. + description: |- + VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod. + Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. + Items defined here take precedence over any default claims added by the operator with the same name. items: description: PersistentVolumeClaim is a user's request for and claim to a persistent volume properties: apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: @@ -899,32 +873,32 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified - data source, it will create a new volume based on - the contents of the specified data source. When the - AnyVolumeDataSource feature gate is enabled, dataSource - contents will be copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, then - dataSourceRef will not be copied to dataSource.' + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: @@ -941,40 +915,35 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. There - are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - * While dataSource only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource feature gate - to be enabled. (Alpha) Using the namespace field of - dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: @@ -986,51 +955,23 @@ spec: referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is - specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace to - allow that namespace's owner to accept the reference. - See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but - must still be higher than capacity recorded in the - status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1038,8 +979,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -1048,12 +990,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: @@ -1064,26 +1005,25 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1095,23 +1035,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is implied - when not included in claim spec. + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. type: string volumeName: description: volumeName is the binding reference to @@ -1137,10 +1091,9 @@ spec: additionalProperties: description: AssociationStatus is the status of an association resource. type: string - description: AssociationStatusMap is the map of association's namespaced - name string to its AssociationStatus. For resources that have a - single Association of a given type (for ex. single ES reference), - this map contains a single entry. + description: |- + AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that + have a single Association of a given type (for ex. single ES reference), this map contains a single entry. type: object expectedNodes: format: int32 @@ -1154,18 +1107,17 @@ spec: description: AssociationStatus is the status of an association resource. type: string observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this Elastic Agent. It corresponds to the metadata generation, - which is updated on mutation by the API Server. If the generation - observed in status diverges from the generation in metadata, the - Elastic Agent controller has not yet processed the changes contained - in the Elastic Agent specification. + description: |- + ObservedGeneration is the most recent generation observed for this Elastic Agent. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + If the generation observed in status diverges from the generation in metadata, the Elastic + Agent controller has not yet processed the changes contained in the Elastic Agent specification. format: int64 type: integer version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' + description: |- + Version of the stack resource currently running. During version upgrades, multiple versions may run + in parallel: this value specifies the lowest version currently running. type: string type: object type: object @@ -1179,13 +1131,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: apmservers.apm.k8s.elastic.co spec: group: apm.k8s.elastic.co @@ -1221,14 +1173,19 @@ spec: description: ApmServer represents an APM Server resource in a Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1256,23 +1213,20 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object http: @@ -1284,9 +1238,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -1309,257 +1263,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -1569,23 +1502,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -1596,36 +1529,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -1636,33 +1568,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -1670,12 +1601,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -1711,9 +1644,9 @@ spec: description: Image is the APM Server Docker image to deploy. type: string kibanaRef: - description: KibanaRef is a reference to a Kibana instance running - in the same Kubernetes cluster. It allows APM agent central configuration - management in Kibana. + description: |- + KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster. + It allows APM agent central configuration management in Kibana. properties: name: description: Name of an existing Kubernetes object corresponding @@ -1724,23 +1657,20 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object podTemplate: @@ -1762,11 +1692,10 @@ spec: Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -1775,9 +1704,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -1791,8 +1720,8 @@ spec: type: object type: array serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (for ex. Elasticsearch) in a different namespace. + description: |- + ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -1826,12 +1755,11 @@ spec: to Kibana. type: string observedGeneration: - description: ObservedGeneration represents the .metadata.generation - that the status is based upon. It corresponds to the metadata generation, - which is updated on mutation by the API Server. If the generation - observed in status diverges from the generation in metadata, the - APM Server controller has not yet processed the changes contained - in the APM Server specification. + description: |- + ObservedGeneration represents the .metadata.generation that the status is based upon. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + If the generation observed in status diverges from the generation in metadata, the APM Server + controller has not yet processed the changes contained in the APM Server specification. format: int64 type: integer secretTokenSecret: @@ -1846,9 +1774,9 @@ spec: should connect to. type: string version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' + description: |- + Version of the stack resource currently running. During version upgrades, multiple versions may run + in parallel: this value specifies the lowest version currently running. type: string type: object type: object @@ -1881,14 +1809,19 @@ spec: description: ApmServer represents an APM Server resource in a Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1926,9 +1859,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -1951,257 +1884,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -2211,23 +2123,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -2238,36 +2150,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -2278,33 +2189,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -2312,12 +2222,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -2366,11 +2278,10 @@ spec: Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -2379,9 +2290,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -2440,13 +2351,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: beats.beat.k8s.elastic.co spec: group: beat.k8s.elastic.co @@ -2490,14 +2401,19 @@ spec: description: Beat is the Schema for the Beats API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2510,19 +2426,19 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Beat configuration. Beat settings must be specified - as yaml, under a single "beat.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. + description: |- + ConfigRef contains a reference to an existing Kubernetes Secret holding the Beat configuration. + Beat settings must be specified as yaml, under a single "beat.yml" entry. At most one of [`Config`, `ConfigRef`] + can be specified. properties: secretName: description: SecretName is the name of the secret. type: string type: object daemonSet: - description: DaemonSet specifies the Beat should be deployed as a - DaemonSet, and allows providing its spec. Cannot be used along with - `deployment`. If both are absent a default for the Type is used. + description: |- + DaemonSet specifies the Beat should be deployed as a DaemonSet, and allows providing its spec. + Cannot be used along with `deployment`. If both are absent a default for the Type is used. properties: podTemplate: description: PodTemplateSpec describes the data a pod should have @@ -2534,59 +2450,56 @@ spec: the update strategy for a DaemonSet. properties: rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow - our convention for oneOf, whatever we decide it to be. Same - as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + description: |- + Rolling update config params. Present only if type = "RollingUpdate". + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. Same as Deployment `strategy.rollingUpdate`. + See https://github.com/kubernetes/kubernetes/issues/35345 properties: maxSurge: anyOf: - type: integer - type: string - description: 'The maximum number of nodes with an existing - available DaemonSet pod that can have an updated DaemonSet - pod during during an update. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: - 10%). This can not be 0 if MaxUnavailable is 0. Absolute - number is calculated from percentage by rounding up - to a minimum of 1. Default value is 0. Example: when - this is set to 30%, at most 30% of the total number - of nodes that should be running the daemon pod (i.e. - status.desiredNumberScheduled) can have their a new - pod created before the old pod is marked as deleted. - The update starts by launching new pods on 30% of nodes. - Once an updated pod is available (Ready for at least - minReadySeconds) the old DaemonSet pod on that node - is marked deleted. If the old pod becomes unavailable - for any reason (Ready transitions to false, is evicted, - or is drained) an updated pod is immediatedly created - on that node without considering surge limits. Allowing - surge implies the possibility that the resources consumed - by the daemonset on any given node can double if the - readiness check fails, and so resource intensive daemonsets - should take into account that they may cause evictions - during disruption.' + description: |- + The maximum number of nodes with an existing available DaemonSet pod that + can have an updated DaemonSet pod during during an update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up to a minimum of 1. + Default value is 0. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their a new pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. Once an updated + pod is available (Ready for at least minReadySeconds) the old DaemonSet pod + on that node is marked deleted. If the old pod becomes unavailable for any + reason (Ready transitions to false, is evicted, or is drained) an updated + pod is immediatedly created on that node without considering surge limits. + Allowing surge implies the possibility that the resources consumed by the + daemonset on any given node can double if the readiness check fails, and + so resource intensive daemonsets should take into account that they may + cause evictions during disruption. x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0 if MaxSurge is 0 Default value - is 1. Example: when this is set to 30%, at most 30% - of the total number of nodes that should be running - the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods - in their place. Once the new pods are available, it - then proceeds onto other DaemonSet pods, thus ensuring - that at least 70% of original number of DaemonSet pods - are available at all times during the update.' + description: |- + The maximum number of DaemonSet pods that can be unavailable during the + update. Value can be an absolute number (ex: 5) or a percentage of total + number of DaemonSet pods at the start of the update (ex: 10%). Absolute + number is calculated from percentage by rounding up. + This cannot be 0 if MaxSurge is 0 + Default value is 1. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. The update + starts by stopping at most 30% of those DaemonSet pods and then brings + up new DaemonSet pods in their place. Once the new pods are available, + it then proceeds onto other DaemonSet pods, thus ensuring that at least + 70% of original number of DaemonSet pods are available at all times during + the update. x-kubernetes-int-or-string: true type: object type: @@ -2596,9 +2509,9 @@ spec: type: object type: object deployment: - description: Deployment specifies the Beat should be deployed as a - Deployment, and allows providing its spec. Cannot be used along - with `daemonSet`. If both are absent a default for the Type is used. + description: |- + Deployment specifies the Beat should be deployed as a Deployment, and allows providing its spec. + Cannot be used along with `daemonSet`. If both are absent a default for the Type is used. properties: podTemplate: description: PodTemplateSpec describes the data a pod should have @@ -2613,45 +2526,45 @@ spec: pods with new ones. properties: rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update - this to follow our convention for oneOf, whatever we decide - it to be.' + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. properties: maxSurge: anyOf: - type: integer - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: - 10%). This can not be 0 if MaxUnavailable is 0. Absolute - number is calculated from percentage by rounding up. - Defaults to 25%. Example: when this is set to 30%, the - new ReplicaSet can be scaled up immediately when the - rolling update starts, such that the total number of - old and new pods do not exceed 130% of desired pods. - Once old pods have been killed, new ReplicaSet can be - scaled up further, ensuring that total number of pods - running at any time during the update is at most 130% - of desired pods.' + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. - Example: when this is set to 30%, the old ReplicaSet - can be scaled down to 70% of desired pods immediately - when the rolling update starts. Once new pods are ready, - old ReplicaSet can be scaled down further, followed - by scaling up the new ReplicaSet, ensuring that the - total number of pods available at all times during the - update is at least 70% of desired pods.' + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. x-kubernetes-int-or-string: true type: object type: @@ -2673,23 +2586,20 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object image: @@ -2697,9 +2607,9 @@ spec: Type have to match the Beat in the image. type: string kibanaRef: - description: KibanaRef is a reference to a Kibana instance running - in the same Kubernetes cluster. It allows automatic setup of dashboards - and visualizations. + description: |- + KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster. + It allows automatic setup of dashboards and visualizations. properties: name: description: Name of an existing Kubernetes object corresponding @@ -2710,45 +2620,40 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object monitoring: - description: Monitoring enables you to collect and ship logs and metrics - for this Beat. Metricbeat and/or Filebeat sidecars are configured - and send monitoring data to an Elasticsearch monitoring cluster - running in the same Kubernetes cluster. + description: |- + Monitoring enables you to collect and ship logs and metrics for this Beat. + Metricbeat and/or Filebeat sidecars are configured and send monitoring data to an + Elasticsearch monitoring cluster running in the same Kubernetes cluster. properties: logs: description: Logs holds references to Elasticsearch clusters which receive log data from an associated resource. properties: elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. + description: |- + ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. + Due to existing limitations, only a single Elasticsearch cluster is currently supported. items: - description: ObjectSelector defines a reference to a Kubernetes - object which can be an Elastic resource managed by the - operator or a Secret describing an external Elastic resource - not managed by the operator. + description: |- + ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator + or a Secret describing an external Elastic resource not managed by the operator. properties: name: description: Name of an existing Kubernetes object corresponding @@ -2759,25 +2664,20 @@ spec: empty, defaults to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing - Kubernetes secret that contains connection information - for associating an Elastic resource not managed by - the operator. The referenced secret must contain the - following: - `url`: the URL to reach the Elastic resource - - `username`: the username of the user to be authenticated - to the Elastic resource - `password`: the password - of the user to be authenticated to the Elastic resource + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the - other fields name, namespace or serviceName.' + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -2787,15 +2687,13 @@ spec: which receive monitoring data from this resource. properties: elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. + description: |- + ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. + Due to existing limitations, only a single Elasticsearch cluster is currently supported. items: - description: ObjectSelector defines a reference to a Kubernetes - object which can be an Elastic resource managed by the - operator or a Secret describing an external Elastic resource - not managed by the operator. + description: |- + ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator + or a Secret describing an external Elastic resource not managed by the operator. properties: name: description: Name of an existing Kubernetes object corresponding @@ -2806,25 +2704,20 @@ spec: empty, defaults to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing - Kubernetes secret that contains connection information - for associating an Elastic resource not managed by - the operator. The referenced secret must contain the - following: - `url`: the URL to reach the Elastic resource - - `username`: the username of the user to be authenticated - to the Elastic resource - `password`: the password - of the user to be authenticated to the Elastic resource + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the - other fields name, namespace or serviceName.' + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -2836,20 +2729,19 @@ spec: format: int32 type: integer secureSettings: - description: SecureSettings is a list of references to Kubernetes - Secrets containing sensitive configuration options for the Beat. - Secrets data can be then referenced in the Beat config using the - Secret's keys or as specified in `Entries` field of each SecureSetting. + description: |- + SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Beat. + Secrets data can be then referenced in the Beat config using the Secret's keys or as specified in `Entries` field of + each SecureSetting. items: description: SecretSource defines a data source based on a Kubernetes Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -2858,9 +2750,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -2874,16 +2766,15 @@ spec: type: object type: array serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to Elasticsearch resource in a different namespace. Can - only be used if ECK is enforcing RBAC on references. + description: |- + ServiceAccountName is used to check access from the current resource to Elasticsearch resource in a different namespace. + Can only be used if ECK is enforcing RBAC on references. type: string type: - description: Type is the type of the Beat to deploy (filebeat, metricbeat, - heartbeat, auditbeat, journalbeat, packetbeat, and so on). Any string - can be used, but well-known types will have the image field defaulted - and have the appropriate Elasticsearch roles created automatically. - It also allows for dashboard setup when combined with a `KibanaRef`. + description: |- + Type is the type of the Beat to deploy (filebeat, metricbeat, heartbeat, auditbeat, journalbeat, packetbeat, and so on). + Any string can be used, but well-known types will have the image field defaulted and have the appropriate + Elasticsearch roles created automatically. It also allows for dashboard setup when combined with a `KibanaRef`. maxLength: 20 pattern: '[a-zA-Z0-9-]+' type: string @@ -2915,24 +2806,22 @@ spec: additionalProperties: description: AssociationStatus is the status of an association resource. type: string - description: AssociationStatusMap is the map of association's namespaced - name string to its AssociationStatus. For resources that have a - single Association of a given type (for ex. single ES reference), - this map contains a single entry. + description: |- + AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that + have a single Association of a given type (for ex. single ES reference), this map contains a single entry. type: object observedGeneration: - description: ObservedGeneration represents the .metadata.generation - that the status is based upon. It corresponds to the metadata generation, - which is updated on mutation by the API Server. If the generation - observed in status diverges from the generation in metadata, the - Beats controller has not yet processed the changes contained in - the Beats specification. + description: |- + ObservedGeneration represents the .metadata.generation that the status is based upon. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + If the generation observed in status diverges from the generation in metadata, the Beats + controller has not yet processed the changes contained in the Beats specification. format: int64 type: integer version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' + description: |- + Version of the stack resource currently running. During version upgrades, multiple versions may run + in parallel: this value specifies the lowest version currently running. type: string type: object type: object @@ -2946,13 +2835,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: elasticmapsservers.maps.k8s.elastic.co spec: group: maps.k8s.elastic.co @@ -2989,14 +2878,19 @@ spec: a Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -3010,10 +2904,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Elastic Maps Server configuration. Configuration - settings are merged and have precedence over settings specified - in `config`. + description: |- + ConfigRef contains a reference to an existing Kubernetes Secret holding the Elastic Maps Server configuration. + Configuration settings are merged and have precedence over settings specified in `config`. properties: secretName: description: SecretName is the name of the secret. @@ -3036,23 +2929,20 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object http: @@ -3064,9 +2954,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -3089,257 +2979,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -3349,23 +3218,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -3376,36 +3245,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -3416,33 +3284,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -3450,12 +3317,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -3502,8 +3371,8 @@ spec: format: int32 type: integer serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (for ex. Elasticsearch) in a different namespace. + description: |- + ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -3532,21 +3401,20 @@ spec: description: Health of the deployment. type: string observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this Elastic Maps Server. It corresponds to the metadata generation, - which is updated on mutation by the API Server. If the generation - observed in status diverges from the generation in metadata, the - Elastic Maps controller has not yet processed the changes contained - in the Elastic Maps specification. + description: |- + ObservedGeneration is the most recent generation observed for this Elastic Maps Server. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + If the generation observed in status diverges from the generation in metadata, the Elastic + Maps controller has not yet processed the changes contained in the Elastic Maps specification. format: int64 type: integer selector: description: Selector is the label selector used to find all pods. type: string version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' + description: |- + Version of the stack resource currently running. During version upgrades, multiple versions may run + in parallel: this value specifies the lowest version currently running. type: string type: object type: object @@ -3564,13 +3432,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: elasticsearchautoscalers.autoscaling.k8s.elastic.co spec: group: autoscaling.k8s.elastic.co @@ -3605,14 +3473,19 @@ spec: resource in a Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -3639,9 +3512,9 @@ spec: additionalProperties: additionalProperties: type: string - description: DeciderSettings allow the user to tweak autoscaling - deciders. The map data structure complies with the - format expected by Elasticsearch. + description: |- + DeciderSettings allow the user to tweak autoscaling deciders. + The map data structure complies with the format expected by Elasticsearch. type: object description: Deciders allow the user to override default settings for autoscaling deciders. @@ -3651,16 +3524,13 @@ spec: specification. type: string resources: - description: AutoscalingResources model the limits, submitted - by the user, for the supported resources in an autoscaling - policy. Only the node count range is mandatory. For other - resources, a limit range is required only if the Elasticsearch - autoscaling capacity API returns a requirement for a given - resource. For example, the memory limit range is only required - if the autoscaling API response contains a memory requirement. - If there is no limit range for a resource, and if that resource - is not mandatory, then the resources in the NodeSets managed - by the autoscaling policy are left untouched. + description: |- + AutoscalingResources model the limits, submitted by the user, for the supported resources in an autoscaling policy. + Only the node count range is mandatory. For other resources, a limit range is required only + if the Elasticsearch autoscaling capacity API returns a requirement for a given resource. + For example, the memory limit range is only required if the autoscaling API response contains a memory requirement. + If there is no limit range for a resource, and if that resource is not mandatory, then the resources in the NodeSets + managed by the autoscaling policy are left untouched. properties: cpu: description: QuantityRange models a resource limit range @@ -3803,9 +3673,9 @@ spec: description: Conditions holds the current service state of the autoscaling controller. items: - description: Condition represents Elasticsearch resource's condition. - **This API is in technical preview and may be changed or removed - in a future release.** + description: |- + Condition represents Elasticsearch resource's condition. + **This API is in technical preview and may be changed or removed in a future release.** properties: lastTransitionTime: format: date-time @@ -3862,10 +3732,9 @@ spec: type: object type: array resources: - description: ResourcesSpecification holds the resource values - common to all the nodeSets managed by a same autoscaling policy. - Only the resources managed by the autoscaling controller are - saved in the Status. + description: |- + ResourcesSpecification holds the resource values common to all the nodeSets managed by a same autoscaling policy. + Only the resources managed by the autoscaling controller are saved in the Status. properties: limits: additionalProperties: @@ -3920,13 +3789,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: elasticsearches.elasticsearch.k8s.elastic.co spec: group: elasticsearch.k8s.elastic.co @@ -3966,14 +3835,19 @@ spec: cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -4016,9 +3890,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -4041,257 +3915,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -4301,23 +4154,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -4328,36 +4181,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -4368,33 +4220,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -4402,12 +4253,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -4443,26 +4296,24 @@ spec: description: Image is the Elasticsearch Docker image to deploy. type: string monitoring: - description: Monitoring enables you to collect and ship log and monitoring - data of this Elasticsearch cluster. See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html. - Metricbeat and Filebeat are deployed in the same Pod as sidecars - and each one sends data to one or two different Elasticsearch monitoring - clusters running in the same Kubernetes cluster. + description: |- + Monitoring enables you to collect and ship log and monitoring data of this Elasticsearch cluster. + See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html. + Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different + Elasticsearch monitoring clusters running in the same Kubernetes cluster. properties: logs: description: Logs holds references to Elasticsearch clusters which receive log data from an associated resource. properties: elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. + description: |- + ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. + Due to existing limitations, only a single Elasticsearch cluster is currently supported. items: - description: ObjectSelector defines a reference to a Kubernetes - object which can be an Elastic resource managed by the - operator or a Secret describing an external Elastic resource - not managed by the operator. + description: |- + ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator + or a Secret describing an external Elastic resource not managed by the operator. properties: name: description: Name of an existing Kubernetes object corresponding @@ -4473,25 +4324,20 @@ spec: empty, defaults to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing - Kubernetes secret that contains connection information - for associating an Elastic resource not managed by - the operator. The referenced secret must contain the - following: - `url`: the URL to reach the Elastic resource - - `username`: the username of the user to be authenticated - to the Elastic resource - `password`: the password - of the user to be authenticated to the Elastic resource + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the - other fields name, namespace or serviceName.' + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -4501,15 +4347,13 @@ spec: which receive monitoring data from this resource. properties: elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. + description: |- + ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. + Due to existing limitations, only a single Elasticsearch cluster is currently supported. items: - description: ObjectSelector defines a reference to a Kubernetes - object which can be an Elastic resource managed by the - operator or a Secret describing an external Elastic resource - not managed by the operator. + description: |- + ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator + or a Secret describing an external Elastic resource not managed by the operator. properties: name: description: Name of an existing Kubernetes object corresponding @@ -4520,25 +4364,20 @@ spec: empty, defaults to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing - Kubernetes secret that contains connection information - for associating an Elastic resource not managed by - the operator. The referenced secret must contain the - following: - `url`: the URL to reach the Elastic resource - - `username`: the username of the user to be authenticated - to the Elastic resource - `password`: the password - of the user to be authenticated to the Elastic resource + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the - other fields name, namespace or serviceName.' + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -4556,9 +4395,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true count: - description: Count of Elasticsearch nodes to deploy. If the - node set is managed by an autoscaling policy the initial value - is automatically set by the autoscaling controller. + description: |- + Count of Elasticsearch nodes to deploy. + If the node set is managed by an autoscaling policy the initial value is automatically set by the autoscaling controller. format: int32 type: integer name: @@ -4574,31 +4413,33 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true volumeClaimTemplates: - description: VolumeClaimTemplates is a list of persistent volume - claims to be used by each Pod in this NodeSet. Every claim - in this list must have a matching volumeMount in one of the - containers defined in the PodTemplate. Items defined here - take precedence over any default claims added by the operator - with the same name. + description: |- + VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet. + Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. + Items defined here take precedence over any default claims added by the operator with the same name. items: description: PersistentVolumeClaim is a user's request for and claim to a persistent volume properties: apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal value, - and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the - REST resource this object represents. Servers may infer - this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: - description: 'Standard object''s metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: @@ -4618,35 +4459,33 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics - of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -4662,42 +4501,36 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -4708,52 +4541,23 @@ spec: referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4761,8 +4565,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -4771,12 +4576,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: @@ -4788,26 +4592,25 @@ spec: selector requirements. The requirements are ANDed. items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -4819,23 +4622,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. type: string volumeName: description: volumeName is the binding reference to @@ -4850,17 +4667,16 @@ spec: minItems: 1 type: array podDisruptionBudget: - description: PodDisruptionBudget provides access to the default Pod - disruption budget for the Elasticsearch cluster. The default budget - doesn't allow any Pod to be removed in case the cluster is not green - or if there is only one node of type `data` or `master`. In all - other cases the default PodDisruptionBudget sets `minUnavailable` - equal to the total number of nodes minus 1. To disable, set `PodDisruptionBudget` - to the empty value (`{}` in YAML). + description: |- + PodDisruptionBudget provides access to the default Pod disruption budget for the Elasticsearch cluster. + The default budget doesn't allow any Pod to be removed in case the cluster is not green or if there is only one node of type `data` or `master`. + In all other cases the default PodDisruptionBudget sets `minUnavailable` equal to the total number of nodes minus 1. + To disable, set `PodDisruptionBudget` to the empty value (`{}` in YAML). properties: metadata: - description: ObjectMeta is the metadata of the PDB. The name and - namespace provided here are managed by ECK and will be ignored. + description: |- + ObjectMeta is the metadata of the PDB. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -4886,34 +4702,35 @@ spec: anyOf: - type: integer - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the eviction, - i.e. even in absence of the evicted pod. For example, one - can prevent all voluntary evictions by specifying 0. This - is a mutually exclusive setting with "minAvailable". + description: |- + An eviction is allowed if at most "maxUnavailable" pods selected by + "selector" are unavailable after the eviction, i.e. even in absence of + the evicted pod. For example, one can prevent all voluntary evictions + by specifying 0. This is a mutually exclusive setting with "minAvailable". x-kubernetes-int-or-string: true minAvailable: anyOf: - type: integer - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after - the eviction, i.e. even in the absence of the evicted pod. So - for example you can prevent all voluntary evictions by specifying - "100%". + description: |- + An eviction is allowed if at least "minAvailable" pods selected by + "selector" will still be available after the eviction, i.e. even in the + absence of the evicted pod. So for example you can prevent all voluntary + evictions by specifying "100%". x-kubernetes-int-or-string: true selector: - description: Label query over pods whose evictions are managed - by the disruption budget. A null selector will match no - pods, while an empty ({}) selector will select all pods - within the namespace. + description: |- + Label query over pods whose evictions are managed by the disruption + budget. + A null selector will match no pods, while an empty ({}) selector will select + all pods within the namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: @@ -4921,17 +4738,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -4943,38 +4759,45 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic unhealthyPodEvictionPolicy: - description: "UnhealthyPodEvictionPolicy defines the criteria - for when unhealthy pods should be considered for eviction. - Current implementation considers healthy pods, as pods that - have status.conditions item with type=\"Ready\",status=\"True\". - \n Valid policies are IfHealthyBudget and AlwaysAllow. If - no policy is specified, the default behavior will be used, - which corresponds to the IfHealthyBudget policy. \n IfHealthyBudget - policy means that running pods (status.phase=\"Running\"), - but not yet healthy can be evicted only if the guarded application - is not disrupted (status.currentHealthy is at least equal - to status.desiredHealthy). Healthy pods will be subject - to the PDB for eviction. \n AlwaysAllow policy means that - all running pods (status.phase=\"Running\"), but not yet - healthy are considered disrupted and can be evicted regardless - of whether the criteria in a PDB is met. This means perspective - running pods of a disrupted application might not get a - chance to become healthy. Healthy pods will be subject to - the PDB for eviction. \n Additional policies may be added - in the future. Clients making eviction decisions should - disallow eviction of unhealthy pods if they encounter an - unrecognized policy in this field. \n This field is beta-level. - The eviction API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy - is enabled (enabled by default)." + description: |- + UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods + should be considered for eviction. Current implementation considers healthy pods, + as pods that have status.conditions item with type="Ready",status="True". + + + Valid policies are IfHealthyBudget and AlwaysAllow. + If no policy is specified, the default behavior will be used, + which corresponds to the IfHealthyBudget policy. + + + IfHealthyBudget policy means that running pods (status.phase="Running"), + but not yet healthy can be evicted only if the guarded application is not + disrupted (status.currentHealthy is at least equal to status.desiredHealthy). + Healthy pods will be subject to the PDB for eviction. + + + AlwaysAllow policy means that all running pods (status.phase="Running"), + but not yet healthy are considered disrupted and can be evicted regardless + of whether the criteria in a PDB is met. This means perspective running + pods of a disrupted application might not get a chance to become healthy. + Healthy pods will be subject to the PDB for eviction. + + + Additional policies may be added in the future. + Clients making eviction decisions should disallow eviction of unhealthy pods + if they encounter an unrecognized policy in this field. + + + This field is beta-level. The eviction API uses this field when + the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). type: string type: object type: object @@ -4998,17 +4821,16 @@ spec: defaults to the current namespace. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced - object. It has to be in the same namespace as the referenced - resource. If left empty, the default HTTP service of the - referenced resource is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object name: - description: Name is the name of the remote cluster as it is - set in the Elasticsearch settings. The name is expected to - be unique for each remote clusters. + description: |- + Name is the name of the remote cluster as it is set in the Elasticsearch settings. + The name is expected to be unique for each remote clusters. minLength: 1 type: string required: @@ -5028,11 +4850,10 @@ spec: Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -5041,9 +4862,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -5057,10 +4878,9 @@ spec: type: object type: array serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (for ex. a remote Elasticsearch cluster) - in a different namespace. Can only be used if ECK is enforcing RBAC - on references. + description: |- + ServiceAccountName is used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. type: string transport: description: Transport holds transport layer settings for Elasticsearch. @@ -5070,9 +4890,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -5095,257 +4915,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -5355,23 +5154,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -5382,36 +5181,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -5422,33 +5220,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -5457,34 +5254,33 @@ spec: layer. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the CA certificate and private key for generating - node certificates. The referenced secret should contain - the following: \n - `ca.crt`: The CA certificate in PEM - format. - `ca.key`: The private key for the CA certificate - in PEM format." + description: |- + Certificate is a reference to a Kubernetes secret that contains the CA certificate + and private key for generating node certificates. + The referenced secret should contain the following: + + + - `ca.crt`: The CA certificate in PEM format. + - `ca.key`: The private key for the CA certificate in PEM format. properties: secretName: description: SecretName is the name of the secret. type: string type: object certificateAuthorities: - description: CertificateAuthorities is a reference to a config - map that contains one or more x509 certificates for trusted - authorities in PEM format. The certificates need to be in - a file called `ca.crt`. + description: |- + CertificateAuthorities is a reference to a config map that contains one or more x509 certificates for + trusted authorities in PEM format. The certificates need to be in a file called `ca.crt`. properties: configMapName: type: string type: object otherNameSuffix: - description: 'OtherNameSuffix when defined will be prefixed - with the Pod name and used as the common name, and the first - DNSName, as well as an OtherName required by Elasticsearch - in the Subject Alternative Name extension of each Elasticsearch - node''s transport TLS certificate. Example: if set to "node.cluster.local", - the generated certificate will have its otherName set to - ".node.cluster.local".' + description: |- + OtherNameSuffix when defined will be prefixed with the Pod name and used as the common name, + and the first DNSName, as well as an OtherName required by Elasticsearch in the Subject Alternative Name + extension of each Elasticsearch node's transport TLS certificate. + Example: if set to "node.cluster.local", the generated certificate will have its otherName set to ".node.cluster.local". type: string subjectAltNames: description: SubjectAlternativeNames is a list of SANs to @@ -5512,19 +5308,17 @@ spec: when applying changes to the Elasticsearch cluster. properties: maxSurge: - description: MaxSurge is the maximum number of new Pods that - can be created exceeding the original number of Pods defined - in the specification. MaxSurge is only taken into consideration - when scaling up. Setting a negative value will disable the - restriction. Defaults to unbounded if not specified. + description: |- + MaxSurge is the maximum number of new Pods that can be created exceeding the original number of Pods defined in + the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will + disable the restriction. Defaults to unbounded if not specified. format: int32 type: integer maxUnavailable: - description: MaxUnavailable is the maximum number of Pods - that can be unavailable (not ready) during the update due - to circumstances under the control of the operator. Setting - a negative value will disable this restriction. Defaults - to 1 if not specified. + description: |- + MaxUnavailable is the maximum number of Pods that can be unavailable (not ready) during the update due to + circumstances under the control of the operator. Setting a negative value will disable this restriction. + Defaults to 1 if not specified. format: int32 type: integer type: object @@ -5533,10 +5327,9 @@ spec: description: Version of Elasticsearch. type: string volumeClaimDeletePolicy: - description: VolumeClaimDeletePolicy sets the policy for handling - deletion of PersistentVolumeClaims for all NodeSets. Possible values - are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. - Defaults to DeleteOnScaledownAndClusterDeletion. + description: |- + VolumeClaimDeletePolicy sets the policy for handling deletion of PersistentVolumeClaims for all NodeSets. + Possible values are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion. enum: - DeleteOnScaledownOnly - DeleteOnScaledownAndClusterDeletion @@ -5553,13 +5346,13 @@ spec: format: int32 type: integer conditions: - description: Conditions holds the current service state of an Elasticsearch - cluster. **This API is in technical preview and may be changed or - removed in a future release.** + description: |- + Conditions holds the current service state of an Elasticsearch cluster. + **This API is in technical preview and may be changed or removed in a future release.** items: - description: Condition represents Elasticsearch resource's condition. - **This API is in technical preview and may be changed or removed - in a future release.** + description: |- + Condition represents Elasticsearch resource's condition. + **This API is in technical preview and may be changed or removed in a future release.** properties: lastTransitionTime: format: date-time @@ -5582,14 +5375,14 @@ spec: by the health API. type: string inProgressOperations: - description: InProgressOperations represents changes being applied - by the operator to the Elasticsearch cluster. **This API is in technical - preview and may be changed or removed in a future release.** + description: |- + InProgressOperations represents changes being applied by the operator to the Elasticsearch cluster. + **This API is in technical preview and may be changed or removed in a future release.** properties: downscale: - description: DownscaleOperation provides details about in progress - downscale operations. **This API is in technical preview and - may be changed or removed in a future release.** + description: |- + DownscaleOperation provides details about in progress downscale operations. + **This API is in technical preview and may be changed or removed in a future release.** properties: lastUpdatedTime: format: date-time @@ -5598,26 +5391,24 @@ spec: description: Nodes which are scheduled to be removed from the cluster. items: - description: DownscaledNode provides an overview of in progress - changes applied by the operator to remove Elasticsearch - nodes from the cluster. **This API is in technical preview - and may be changed or removed in a future release.** + description: |- + DownscaledNode provides an overview of in progress changes applied by the operator to remove Elasticsearch nodes from the cluster. + **This API is in technical preview and may be changed or removed in a future release.** properties: explanation: - description: Explanation provides details about an in - progress node shutdown. It is only available for clusters - managed with the Elasticsearch shutdown API. + description: |- + Explanation provides details about an in progress node shutdown. It is only available for clusters managed with the + Elasticsearch shutdown API. type: string name: description: Name of the Elasticsearch node that should be removed. type: string shutdownStatus: - description: Shutdown status as returned by the Elasticsearch - shutdown API. If the Elasticsearch shutdown API is - not available, the shutdown status is then inferred - from the remaining shards on the nodes, as observed - by the operator. + description: |- + Shutdown status as returned by the Elasticsearch shutdown API. + If the Elasticsearch shutdown API is not available, the shutdown status is then inferred from the remaining + shards on the nodes, as observed by the operator. type: string required: - name @@ -5625,16 +5416,15 @@ spec: type: object type: array stalled: - description: Stalled represents a state where no progress - can be made. It is only available for clusters managed with - the Elasticsearch shutdown API. + description: |- + Stalled represents a state where no progress can be made. + It is only available for clusters managed with the Elasticsearch shutdown API. type: boolean type: object upgrade: - description: UpgradeOperation provides an overview of the pending - or in progress changes applied by the operator to update the - Elasticsearch nodes in the cluster. **This API is in technical - preview and may be changed or removed in a future release.** + description: |- + UpgradeOperation provides an overview of the pending or in progress changes applied by the operator to update the Elasticsearch nodes in the cluster. + **This API is in technical preview and may be changed or removed in a future release.** properties: lastUpdatedTime: format: date-time @@ -5642,10 +5432,9 @@ spec: nodes: description: Nodes that must be restarted for upgrade. items: - description: UpgradedNode provides details about the status - of nodes which are expected to be updated. **This API - is in technical preview and may be changed or removed - in a future release.** + description: |- + UpgradedNode provides details about the status of nodes which are expected to be updated. + **This API is in technical preview and may be changed or removed in a future release.** properties: message: description: Optional message to explain why a node @@ -5661,10 +5450,9 @@ spec: for an upgrade. type: string status: - description: Status states if the node is either in - the process of being deleted for an upgrade, or blocked - by a predicate or another condition stated in the - message field. + description: |- + Status states if the node is either in the process of being deleted for an upgrade, + or blocked by a predicate or another condition stated in the message field. type: string required: - name @@ -5673,10 +5461,9 @@ spec: type: array type: object upscale: - description: UpscaleOperation provides an overview of in progress - changes applied by the operator to add Elasticsearch nodes to - the cluster. **This API is in technical preview and may be changed - or removed in a future release.** + description: |- + UpscaleOperation provides an overview of in progress changes applied by the operator to add Elasticsearch nodes to the cluster. + **This API is in technical preview and may be changed or removed in a future release.** properties: lastUpdatedTime: format: date-time @@ -5712,18 +5499,16 @@ spec: additionalProperties: description: AssociationStatus is the status of an association resource. type: string - description: AssociationStatusMap is the map of association's namespaced - name string to its AssociationStatus. For resources that have a - single Association of a given type (for ex. single ES reference), - this map contains a single entry. + description: |- + AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that + have a single Association of a given type (for ex. single ES reference), this map contains a single entry. type: object observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this Elasticsearch cluster. It corresponds to the metadata generation, - which is updated on mutation by the API Server. If the generation - observed in status diverges from the generation in metadata, the - Elasticsearch controller has not yet processed the changes contained - in the Elasticsearch specification. + description: |- + ObservedGeneration is the most recent generation observed for this Elasticsearch cluster. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + If the generation observed in status diverges from the generation in metadata, the Elasticsearch + controller has not yet processed the changes contained in the Elasticsearch specification. format: int64 type: integer phase: @@ -5731,9 +5516,9 @@ spec: is in from the controller point of view. type: string version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' + description: |- + Version of the stack resource currently running. During version upgrades, multiple versions may run + in parallel: this value specifies the lowest version currently running. type: string type: object type: object @@ -5766,14 +5551,19 @@ spec: cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -5789,9 +5579,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -5814,257 +5604,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -6074,23 +5843,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -6101,36 +5870,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -6141,33 +5909,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -6175,12 +5942,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -6242,31 +6011,33 @@ spec: for the Pods belonging to this NodeSet. type: object volumeClaimTemplates: - description: VolumeClaimTemplates is a list of persistent volume - claims to be used by each Pod in this NodeSet. Every claim - in this list must have a matching volumeMount in one of the - containers defined in the PodTemplate. Items defined here - take precedence over any default claims added by the operator - with the same name. + description: |- + VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet. + Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. + Items defined here take precedence over any default claims added by the operator with the same name. items: description: PersistentVolumeClaim is a user's request for and claim to a persistent volume properties: apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal value, - and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the - REST resource this object represents. Servers may infer - this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: - description: 'Standard object''s metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: @@ -6286,35 +6057,33 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics - of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -6330,42 +6099,36 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -6376,52 +6139,23 @@ spec: referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6429,8 +6163,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -6439,12 +6174,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: @@ -6456,26 +6190,25 @@ spec: selector requirements. The requirements are ANDed. items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -6487,23 +6220,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. type: string volumeName: description: volumeName is the binding reference to @@ -6519,14 +6266,15 @@ spec: minItems: 1 type: array podDisruptionBudget: - description: PodDisruptionBudget provides access to the default pod - disruption budget for the Elasticsearch cluster. The default budget - selects all cluster pods and sets `maxUnavailable` to 1. To disable, - set `PodDisruptionBudget` to the empty value (`{}` in YAML). + description: |- + PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster. + The default budget selects all cluster pods and sets `maxUnavailable` to 1. To disable, set `PodDisruptionBudget` + to the empty value (`{}` in YAML). properties: metadata: - description: ObjectMeta is the metadata of the PDB. The name and - namespace provided here are managed by ECK and will be ignored. + description: |- + ObjectMeta is the metadata of the PDB. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -6552,35 +6300,36 @@ spec: anyOf: - type: integer - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the eviction, - i.e. even in absence of the evicted pod. For example, one - can prevent all voluntary evictions by specifying 0. This - is a mutually exclusive setting with "minAvailable". + description: |- + An eviction is allowed if at most "maxUnavailable" pods selected by + "selector" are unavailable after the eviction, i.e. even in absence of + the evicted pod. For example, one can prevent all voluntary evictions + by specifying 0. This is a mutually exclusive setting with "minAvailable". x-kubernetes-int-or-string: true minAvailable: anyOf: - type: integer - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after - the eviction, i.e. even in the absence of the evicted pod. So - for example you can prevent all voluntary evictions by specifying - "100%". + description: |- + An eviction is allowed if at least "minAvailable" pods selected by + "selector" will still be available after the eviction, i.e. even in the + absence of the evicted pod. So for example you can prevent all voluntary + evictions by specifying "100%". x-kubernetes-int-or-string: true selector: - description: Label query over pods whose evictions are managed - by the disruption budget. A null selector selects no pods. - An empty selector ({}) also selects no pods, which differs - from standard behavior of selecting all pods. In policy/v1, - an empty selector will select all pods in the namespace. + description: |- + Label query over pods whose evictions are managed by the disruption + budget. + A null selector selects no pods. + An empty selector ({}) also selects no pods, which differs from standard behavior of selecting all pods. + In policy/v1, an empty selector will select all pods in the namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: @@ -6588,17 +6337,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -6610,38 +6358,45 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic unhealthyPodEvictionPolicy: - description: "UnhealthyPodEvictionPolicy defines the criteria - for when unhealthy pods should be considered for eviction. - Current implementation considers healthy pods, as pods that - have status.conditions item with type=\"Ready\",status=\"True\". - \n Valid policies are IfHealthyBudget and AlwaysAllow. If - no policy is specified, the default behavior will be used, - which corresponds to the IfHealthyBudget policy. \n IfHealthyBudget - policy means that running pods (status.phase=\"Running\"), - but not yet healthy can be evicted only if the guarded application - is not disrupted (status.currentHealthy is at least equal - to status.desiredHealthy). Healthy pods will be subject - to the PDB for eviction. \n AlwaysAllow policy means that - all running pods (status.phase=\"Running\"), but not yet - healthy are considered disrupted and can be evicted regardless - of whether the criteria in a PDB is met. This means perspective - running pods of a disrupted application might not get a - chance to become healthy. Healthy pods will be subject to - the PDB for eviction. \n Additional policies may be added - in the future. Clients making eviction decisions should - disallow eviction of unhealthy pods if they encounter an - unrecognized policy in this field. \n This field is beta-level. - The eviction API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy - is enabled (enabled by default)." + description: |- + UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods + should be considered for eviction. Current implementation considers healthy pods, + as pods that have status.conditions item with type="Ready",status="True". + + + Valid policies are IfHealthyBudget and AlwaysAllow. + If no policy is specified, the default behavior will be used, + which corresponds to the IfHealthyBudget policy. + + + IfHealthyBudget policy means that running pods (status.phase="Running"), + but not yet healthy can be evicted only if the guarded application is not + disrupted (status.currentHealthy is at least equal to status.desiredHealthy). + Healthy pods will be subject to the PDB for eviction. + + + AlwaysAllow policy means that all running pods (status.phase="Running"), + but not yet healthy are considered disrupted and can be evicted regardless + of whether the criteria in a PDB is met. This means perspective running + pods of a disrupted application might not get a chance to become healthy. + Healthy pods will be subject to the PDB for eviction. + + + Additional policies may be added in the future. + Clients making eviction decisions should disallow eviction of unhealthy pods + if they encounter an unrecognized policy in this field. + + + This field is beta-level. The eviction API uses this field when + the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). type: string type: object type: object @@ -6653,11 +6408,10 @@ spec: Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -6666,9 +6420,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -6690,19 +6444,17 @@ spec: when applying changes to the Elasticsearch cluster. properties: maxSurge: - description: MaxSurge is the maximum number of new pods that - can be created exceeding the original number of pods defined - in the specification. MaxSurge is only taken into consideration - when scaling up. Setting a negative value will disable the - restriction. Defaults to unbounded if not specified. + description: |- + MaxSurge is the maximum number of new pods that can be created exceeding the original number of pods defined in + the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will + disable the restriction. Defaults to unbounded if not specified. format: int32 type: integer maxUnavailable: - description: MaxUnavailable is the maximum number of pods - that can be unavailable (not ready) during the update due - to circumstances under the control of the operator. Setting - a negative value will disable this restriction. Defaults - to 1 if not specified. + description: |- + MaxUnavailable is the maximum number of pods that can be unavailable (not ready) during the update due to + circumstances under the control of the operator. Setting a negative value will disable this restriction. + Defaults to 1 if not specified. format: int32 type: integer type: object @@ -6747,13 +6499,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: group: enterprisesearch.k8s.elastic.co @@ -6790,14 +6542,19 @@ spec: Search. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -6810,10 +6567,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Enterprise Search configuration. Configuration - settings are merged and have precedence over settings specified - in `config`. + description: |- + ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration. + Configuration settings are merged and have precedence over settings specified in `config`. properties: secretName: description: SecretName is the name of the secret. @@ -6836,23 +6592,20 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object http: @@ -6864,9 +6617,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -6889,257 +6642,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -7149,23 +6881,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -7176,36 +6908,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -7216,33 +6947,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -7250,12 +6980,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -7291,9 +7023,9 @@ spec: description: Image is the Enterprise Search Docker image to deploy. type: string podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Enterprise - Search pods. + description: |- + PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) + for the Enterprise Search pods. type: object x-kubernetes-preserve-unknown-fields: true revisionHistoryLimit: @@ -7302,8 +7034,8 @@ spec: format: int32 type: integer serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (for ex. Elasticsearch) in a different namespace. + description: |- + ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -7331,12 +7063,11 @@ spec: description: Health of the deployment. type: string observedGeneration: - description: ObservedGeneration represents the .metadata.generation - that the status is based upon. It corresponds to the metadata generation, - which is updated on mutation by the API Server. If the generation - observed in status diverges from the generation in metadata, the - Enterprise Search controller has not yet processed the changes contained - in the Enterprise Search specification. + description: |- + ObservedGeneration represents the .metadata.generation that the status is based upon. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + If the generation observed in status diverges from the generation in metadata, the Enterprise Search + controller has not yet processed the changes contained in the Enterprise Search specification. format: int64 type: integer selector: @@ -7347,9 +7078,9 @@ spec: to the Enterprise Search Pods. type: string version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' + description: |- + Version of the stack resource currently running. During version upgrades, multiple versions may run + in parallel: this value specifies the lowest version currently running. type: string type: object type: object @@ -7383,14 +7114,19 @@ spec: Search. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -7403,10 +7139,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Enterprise Search configuration. Configuration - settings are merged and have precedence over settings specified - in `config`. + description: |- + ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration. + Configuration settings are merged and have precedence over settings specified in `config`. properties: secretName: description: SecretName is the name of the secret. @@ -7429,23 +7164,20 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object http: @@ -7457,9 +7189,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -7482,257 +7214,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -7742,23 +7453,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -7769,36 +7480,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -7809,33 +7519,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -7843,12 +7552,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -7884,14 +7595,14 @@ spec: description: Image is the Enterprise Search Docker image to deploy. type: string podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Enterprise - Search pods. + description: |- + PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) + for the Enterprise Search pods. type: object x-kubernetes-preserve-unknown-fields: true serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (for ex. Elasticsearch) in a different namespace. + description: |- + ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -7926,9 +7637,9 @@ spec: to the Enterprise Search Pods. type: string version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' + description: |- + Version of the stack resource currently running. During version upgrades, multiple versions may run + in parallel: this value specifies the lowest version currently running. type: string type: object type: object @@ -7942,13 +7653,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: kibanas.kibana.k8s.elastic.co spec: group: kibana.k8s.elastic.co @@ -7984,14 +7695,19 @@ spec: description: Kibana represents a Kibana resource in a Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -8019,29 +7735,26 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object enterpriseSearchRef: - description: EnterpriseSearchRef is a reference to an EnterpriseSearch - running in the same Kubernetes cluster. Kibana provides the default - Enterprise Search UI starting version 7.14. + description: |- + EnterpriseSearchRef is a reference to an EnterpriseSearch running in the same Kubernetes cluster. + Kibana provides the default Enterprise Search UI starting version 7.14. properties: name: description: Name of an existing Kubernetes object corresponding @@ -8052,23 +7765,20 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: the - password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). This - field cannot be used in combination with the other fields name, - namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object http: @@ -8079,9 +7789,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -8104,257 +7814,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -8364,23 +8053,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -8391,36 +8080,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -8431,33 +8119,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -8465,12 +8152,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -8506,26 +8195,24 @@ spec: description: Image is the Kibana Docker image to deploy. type: string monitoring: - description: Monitoring enables you to collect and ship log and monitoring - data of this Kibana. See https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html. - Metricbeat and Filebeat are deployed in the same Pod as sidecars - and each one sends data to one or two different Elasticsearch monitoring - clusters running in the same Kubernetes cluster. + description: |- + Monitoring enables you to collect and ship log and monitoring data of this Kibana. + See https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html. + Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different + Elasticsearch monitoring clusters running in the same Kubernetes cluster. properties: logs: description: Logs holds references to Elasticsearch clusters which receive log data from an associated resource. properties: elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. + description: |- + ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. + Due to existing limitations, only a single Elasticsearch cluster is currently supported. items: - description: ObjectSelector defines a reference to a Kubernetes - object which can be an Elastic resource managed by the - operator or a Secret describing an external Elastic resource - not managed by the operator. + description: |- + ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator + or a Secret describing an external Elastic resource not managed by the operator. properties: name: description: Name of an existing Kubernetes object corresponding @@ -8536,25 +8223,20 @@ spec: empty, defaults to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing - Kubernetes secret that contains connection information - for associating an Elastic resource not managed by - the operator. The referenced secret must contain the - following: - `url`: the URL to reach the Elastic resource - - `username`: the username of the user to be authenticated - to the Elastic resource - `password`: the password - of the user to be authenticated to the Elastic resource + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the - other fields name, namespace or serviceName.' + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -8564,15 +8246,13 @@ spec: which receive monitoring data from this resource. properties: elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. + description: |- + ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. + Due to existing limitations, only a single Elasticsearch cluster is currently supported. items: - description: ObjectSelector defines a reference to a Kubernetes - object which can be an Elastic resource managed by the - operator or a Secret describing an external Elastic resource - not managed by the operator. + description: |- + ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator + or a Secret describing an external Elastic resource not managed by the operator. properties: name: description: Name of an existing Kubernetes object corresponding @@ -8583,25 +8263,20 @@ spec: empty, defaults to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing - Kubernetes secret that contains connection information - for associating an Elastic resource not managed by - the operator. The referenced secret must contain the - following: - `url`: the URL to reach the Elastic resource - - `username`: the username of the user to be authenticated - to the Elastic resource - `password`: the password - of the user to be authenticated to the Elastic resource + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the - other fields name, namespace or serviceName.' + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -8625,11 +8300,10 @@ spec: Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -8638,9 +8312,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -8654,8 +8328,8 @@ spec: type: object type: array serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (for ex. Elasticsearch) in a different namespace. + description: |- + ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -8668,9 +8342,9 @@ spec: description: KibanaStatus defines the observed state of Kibana properties: associationStatus: - description: AssociationStatus is the status of any auto-linking to - Elasticsearch clusters. This field is deprecated and will be removed - in a future release. Use ElasticsearchAssociationStatus instead. + description: |- + AssociationStatus is the status of any auto-linking to Elasticsearch clusters. + This field is deprecated and will be removed in a future release. Use ElasticsearchAssociationStatus instead. type: string availableNodes: description: AvailableNodes is the number of available replicas in @@ -8701,21 +8375,20 @@ spec: to monitoring Elasticsearch clusters. type: object observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this Kibana instance. It corresponds to the metadata generation, - which is updated on mutation by the API Server. If the generation - observed in status diverges from the generation in metadata, the - Kibana controller has not yet processed the changes contained in - the Kibana specification. + description: |- + ObservedGeneration is the most recent generation observed for this Kibana instance. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + If the generation observed in status diverges from the generation in metadata, the Kibana + controller has not yet processed the changes contained in the Kibana specification. format: int64 type: integer selector: description: Selector is the label selector used to find all pods. type: string version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' + description: |- + Version of the stack resource currently running. During version upgrades, multiple versions may run + in parallel: this value specifies the lowest version currently running. type: string type: object type: object @@ -8748,14 +8421,19 @@ spec: description: Kibana represents a Kibana resource in a Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -8792,9 +8470,9 @@ spec: Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -8817,257 +8495,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations. + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. - Users are encouraged to use implementation-specific - annotations when available.' + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -9077,23 +8734,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -9104,36 +8761,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -9144,33 +8800,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -9178,12 +8833,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -9231,11 +8888,10 @@ spec: Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -9244,9 +8900,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -9295,13 +8951,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: logstashes.logstash.k8s.elastic.co spec: group: logstash.k8s.elastic.co @@ -9317,6 +8973,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - description: Health + jsonPath: .status.health + name: health + type: string - description: Available nodes jsonPath: .status.availableNodes name: available @@ -9338,14 +8998,19 @@ spec: description: Logstash is the Schema for the logstashes API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -9358,10 +9023,10 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Logstash configuration. Logstash settings must - be specified as yaml, under a single "logstash.yml" entry. At most - one of [`Config`, `ConfigRef`] can be specified. + description: |- + ConfigRef contains a reference to an existing Kubernetes Secret holding the Logstash configuration. + Logstash settings must be specified as yaml, under a single "logstash.yml" entry. At most one of [`Config`, `ConfigRef`] + can be specified. properties: secretName: description: SecretName is the name of the secret. @@ -9378,9 +9043,9 @@ spec: cluster which can be used in a Logstash pipeline. properties: clusterName: - description: ClusterName is an alias for the cluster to be used - to refer to the Elasticsearch cluster in Logstash configuration - files, and will be used to identify "named clusters" in Logstash + description: |- + ClusterName is an alias for the cluster to be used to refer to the Elasticsearch cluster in Logstash + configuration files, and will be used to identify "named clusters" in Logstash minLength: 1 type: string name: @@ -9392,23 +9057,20 @@ spec: to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing Kubernetes - secret that contains connection information for associating - an Elastic resource not managed by the operator. The referenced - secret must contain the following: - `url`: the URL to reach - the Elastic resource - `username`: the username of the user - to be authenticated to the Elastic resource - `password`: - the password of the user to be authenticated to the Elastic - resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the other fields - name, namespace or serviceName.' + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced - resource is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -9417,26 +9079,23 @@ spec: and Type have to match the Logstash in the image. type: string monitoring: - description: Monitoring enables you to collect and ship log and monitoring - data of this Logstash. Metricbeat and Filebeat are deployed in the - same Pod as sidecars and each one sends data to one or two different - Elasticsearch monitoring clusters running in the same Kubernetes - cluster. + description: |- + Monitoring enables you to collect and ship log and monitoring data of this Logstash. + Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different + Elasticsearch monitoring clusters running in the same Kubernetes cluster. properties: logs: description: Logs holds references to Elasticsearch clusters which receive log data from an associated resource. properties: elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. + description: |- + ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. + Due to existing limitations, only a single Elasticsearch cluster is currently supported. items: - description: ObjectSelector defines a reference to a Kubernetes - object which can be an Elastic resource managed by the - operator or a Secret describing an external Elastic resource - not managed by the operator. + description: |- + ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator + or a Secret describing an external Elastic resource not managed by the operator. properties: name: description: Name of an existing Kubernetes object corresponding @@ -9447,25 +9106,20 @@ spec: empty, defaults to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing - Kubernetes secret that contains connection information - for associating an Elastic resource not managed by - the operator. The referenced secret must contain the - following: - `url`: the URL to reach the Elastic resource - - `username`: the username of the user to be authenticated - to the Elastic resource - `password`: the password - of the user to be authenticated to the Elastic resource + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the - other fields name, namespace or serviceName.' + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -9475,15 +9129,13 @@ spec: which receive monitoring data from this resource. properties: elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. + description: |- + ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. + Due to existing limitations, only a single Elasticsearch cluster is currently supported. items: - description: ObjectSelector defines a reference to a Kubernetes - object which can be an Elastic resource managed by the - operator or a Secret describing an external Elastic resource - not managed by the operator. + description: |- + ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator + or a Secret describing an external Elastic resource not managed by the operator. properties: name: description: Name of an existing Kubernetes object corresponding @@ -9494,25 +9146,20 @@ spec: empty, defaults to the current namespace. type: string secretName: - description: 'SecretName is the name of an existing - Kubernetes secret that contains connection information - for associating an Elastic resource not managed by - the operator. The referenced secret must contain the - following: - `url`: the URL to reach the Elastic resource - - `username`: the username of the user to be authenticated - to the Elastic resource - `password`: the password - of the user to be authenticated to the Elastic resource + description: |- + SecretName is the name of an existing Kubernetes secret that contains connection information for associating an + Elastic resource not managed by the operator. The referenced secret must contain the following: + - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated to the Elastic resource + - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). - This field cannot be used in combination with the - other fields name, namespace or serviceName.' + This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. + description: |- + ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of + the referenced resource is used. type: string type: object type: array @@ -9526,10 +9173,10 @@ spec: type: array x-kubernetes-preserve-unknown-fields: true pipelinesRef: - description: PipelinesRef contains a reference to an existing Kubernetes - Secret holding the Logstash Pipelines. Logstash pipelines must be - specified as yaml, under a single "pipelines.yml" entry. At most - one of [`Pipelines`, `PipelinesRef`] can be specified. + description: |- + PipelinesRef contains a reference to an existing Kubernetes Secret holding the Logstash Pipelines. + Logstash pipelines must be specified as yaml, under a single "pipelines.yml" entry. At most one of [`Pipelines`, `PipelinesRef`] + can be specified. properties: secretName: description: SecretName is the name of the secret. @@ -9546,20 +9193,19 @@ spec: format: int32 type: integer secureSettings: - description: SecureSettings is a list of references to Kubernetes - Secrets containing sensitive configuration options for the Logstash. - Secrets data can be then referenced in the Logstash config using - the Secret's keys or as specified in `Entries` field of each SecureSetting. + description: |- + SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Logstash. + Secrets data can be then referenced in the Logstash config using the Secret's keys or as specified in `Entries` field of + each SecureSetting. items: description: SecretSource defines a data source based on a Kubernetes Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -9568,9 +9214,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -9584,16 +9230,15 @@ spec: type: object type: array serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to Elasticsearch resource in a different namespace. Can - only be used if ECK is enforcing RBAC on references. + description: |- + ServiceAccountName is used to check access from the current resource to Elasticsearch resource in a different namespace. + Can only be used if ECK is enforcing RBAC on references. type: string services: - description: 'Services contains details of services that Logstash - should expose - similar to the HTTP layer configuration for the - rest of the stack, but also applicable for more use cases than the - metrics API, as logstash may need to be opened up for other services: - Beats, TCP, UDP, etc, inputs.' + description: |- + Services contains details of services that Logstash should expose - similar to the HTTP layer configuration for the + rest of the stack, but also applicable for more use cases than the metrics API, as logstash may need to + be opened up for other services: Beats, TCP, UDP, etc, inputs. items: properties: name: @@ -9603,9 +9248,9 @@ spec: Kubernetes Service object. properties: metadata: - description: ObjectMeta is the metadata of the service. - The name and namespace provided here are managed by ECK - and will be ignored. + description: |- + ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK and will be ignored. properties: annotations: additionalProperties: @@ -9628,263 +9273,236 @@ spec: description: Spec is the specification of the service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may - be set to "false" if the cluster load-balancer does - not rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests - will be respected, regardless of this field. This - field may only be set for services with type LoadBalancer - and will be cleared if the type is changed to any - other type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is - specified manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This - field may not be changed through updates unless the - type field is also being changed to ExternalName (which - requires this field to be blank) or the type field - is being changed from ExternalName (in which case - this field may optionally be specified, as describe - above). Valid values are "None", empty string (""), - or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and - proxying is not required. Only applies to types ClusterIP, - NodePort, and LoadBalancer. If this field is specified - when creating a Service of type ExternalName, creation - will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range - (as per system configuration), and is not in use, - it will be allocated to the service; otherwise creation - of the service will fail. This field may not be changed - through updates unless the type field is also being - changed to ExternalName (which requires this field - to be empty) or the type field is being changed from - ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - \"None\", empty string (\"\"), or a valid IP address. - \ Setting this to \"None\" makes a \"headless service\" - (no virtual IP), which is useful when direct endpoint - connections are preferred and proxying is not required. - \ Only applies to types ClusterIP, NodePort, and LoadBalancer. - If this field is specified when creating a Service - of type ExternalName, creation will fail. This field - will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP - have the same value. \n This field may hold a maximum - of two entries (dual-stack IPs, in either order). - These IPs must correspond to the values of the ipFamilies - field. Both clusterIPs and ipFamilies are governed - by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes - system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference - that discovery mechanisms will return as an alias - for this service (e.g. a DNS CNAME record). No proxying - will be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires - `type` to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of - the Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that - assumes that external load balancers will take care - of balancing the service traffic between nodes, and - so each node will deliver traffic only to the node-local - endpoints of the service, without masquerading the - client source IP. (Traffic mistakenly sent to a node - with no endpoints will be dropped.) The default value, - "Cluster", uses the standard behavior of routing to - all endpoints evenly (possibly modified by topology - and other features). Note that traffic sent to an - External IP or LoadBalancer IP from within the cluster - will always get "Cluster" semantics, but clients sending - to a NodePort from within the cluster may need to - take traffic policy into account when picking a node. + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External - systems (e.g. load-balancers) can use this port to - determine if a given node holds endpoints for this - service or not. If this field is specified when creating - a Service which does not need it, creation will fail. - This field will be wiped when updating a Service to - no longer need it (e.g. changing type). This field - cannot be updated once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods - only want to talk to endpoints of the service on the - same node as the pod, dropping the traffic if there - are no local endpoints. The default value, "Cluster", - uses the standard behavior of routing to all endpoints - evenly (possibly modified by topology and other features). + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the - cluster, and ipFamilyPolicy allows it, it will be - used; otherwise creation of the service will fail. - This field is conditionally mutable: it allows for - adding or removing a secondary IP family, but it does - not allow changing the primary IP family of the Service. - Valid values are \"IPv4\" and \"IPv6\". This field - only applies to Services of types ClusterIP, NodePort, - and LoadBalancer, and does apply to \"headless\" services. - This field will be wiped when updating a Service to - type ExternalName. \n This field may hold a maximum - of two entries (dual-stack families, in either order). - \ These families must correspond to the values of - the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy - field." + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is - no value provided, then this field will be set to - SingleStack. Services can be "SingleStack" (a single - IP family), "PreferDualStack" (two IP families on - dual-stack configured clusters or a single IP family - on single-stack clusters), or "RequireDualStack" (two - IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend - on the value of this field. This field will be wiped - when updating a service to type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set - when the Service type is 'LoadBalancer'. If not set, - the default load balancer implementation is used, - today this is typically done through the cloud provider - integration, but should apply for any default implementation. - If set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated - to a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load - balancer is created. This field will be ignored if - the cloud-provider does not support the feature. Deprecated: - This field was under-specified and its meaning varies - across implementations. Using it is non-portable and - it may not support dual-stack. Users are encouraged - to use implementation-specific annotations when available.' + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations when available. type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified - client IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array ports: - description: 'The list of ports that are exposed by - this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that - they understand. This field follows standard - Kubernetes label syntax. Valid values are either: - \n * Un-prefixed protocol names - reserved for - IANA standard service names (as per RFC-6335 - and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or - LoadBalancer. Usually assigned by the system. - If a value is specified, in-range, and not in - use it will be used, otherwise the operation - will fail. If not specified, a port will be - allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. - This field will be wiped when updating a Service - to no longer need it (e.g. changing type from - NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -9894,23 +9512,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -9921,37 +9539,35 @@ spec: - protocol x-kubernetes-list-type: map publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that - any agent which deals with endpoints for this Service - should disregard any indications of ready/not-ready. - The primary use case for setting this field is for - a StatefulSet's Headless Service to propagate SRV - DNS records for its Pods for the purpose of peer discovery. - The Kubernetes controllers that generate Endpoints - and EndpointSlice resources for Services interpret - this to mean that all endpoints are considered "ready" - even if the Pods themselves are not. Agents which - consume only Kubernetes generated endpoints through - the Endpoints or EndpointSlice resources can safely - assume this behavior. + description: |- + publishNotReadyAddresses indicates that any agent which deals with endpoints for this + Service should disregard any indications of ready/not-ready. + The primary use case for setting this field is for a StatefulSet's Headless Service to + propagate SRV DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + Services interpret this to mean that all endpoints are considered "ready" even if the + Pods themselves are not. Agents which consume only Kubernetes generated endpoints + through the Endpoints or EndpointSlice resources can safely assume this behavior. type: boolean selector: additionalProperties: type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/' + description: |- + Route service traffic to pods with label keys and values matching this + selector. If empty or not present, the service is assumed to have an + external process managing its endpoints, which Kubernetes will not + modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/ type: object x-kubernetes-map-type: atomic sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based - session affinity. Must be ClientIP or None. Defaults - to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations @@ -9962,34 +9578,32 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The - value must be >0 && <=86400(for 1 day) if - ServiceAffinity == "ClientIP". Default value - is 10800(for 3 hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" - allocates a cluster-internal IP address for load-balancing - to endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints - rather than a virtual IP. "NodePort" builds on ClusterIP - and allocates a port on every node which routes to - the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to - the same endpoints as the clusterIP. "ExternalName" - aliases this service to the specified externalName. - Several other fields do not apply to ExternalName - services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object @@ -9997,13 +9611,14 @@ spec: description: TLS defines options for configuring TLS for HTTP. properties: certificate: - description: "Certificate is a reference to a Kubernetes - secret that contains the certificate and private key for - enabling TLS. The referenced secret should contain the - following: \n - `ca.crt`: The certificate authority (optional). - - `tls.crt`: The certificate (or a chain). - `tls.key`: - The private key to the first certificate in the certificate - chain." + description: |- + Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. + The referenced secret should contain the following: + + + - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). + - `tls.key`: The private key to the first certificate in the certificate chain. properties: secretName: description: SecretName is the name of the secret. @@ -10036,33 +9651,73 @@ spec: type: object type: object type: array + updateStrategy: + description: UpdateStrategy is a StatefulSetUpdateStrategy. The default + type is "RollingUpdate". + properties: + rollingUpdate: + description: RollingUpdate is used to communicate parameters when + Type is RollingUpdateStatefulSetStrategyType. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding up. This can not be 0. + Defaults to 1. This field is alpha-level and is only honored by servers that enable the + MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to + Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it + will be counted towards MaxUnavailable. + x-kubernetes-int-or-string: true + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be partitioned + for updates. During a rolling update, all pods from ordinal Replicas-1 to + Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. + This is helpful in being able to do a canary based deployment. The default value is 0. + format: int32 + type: integer + type: object + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object version: description: Version of the Logstash. type: string volumeClaimTemplates: - description: VolumeClaimTemplates is a list of persistent volume claims - to be used by each Pod. Every claim in this list must have a matching - volumeMount in one of the containers defined in the PodTemplate. - Items defined here take precedence over any default claims added - by the operator with the same name. + description: |- + VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod. + Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. + Items defined here take precedence over any default claims added by the operator with the same name. items: description: PersistentVolumeClaim is a user's request for and claim to a persistent volume properties: apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata properties: annotations: additionalProperties: @@ -10082,33 +9737,33 @@ spec: type: string type: object spec: - description: 'spec defines the desired characteristics of a - volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: accessModes: - description: 'accessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: + description: |- + dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified data - source, it will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will be copied - to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will - not be copied to dataSource.' + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -10122,39 +9777,36 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which - to populate the volume with data, if a non-empty volume - is desired. This may be any object from a non-empty API - group (non core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only - succeed if the type of the specified object matches some - installed volume populator or dynamic provisioner. This - field will replace the functionality of the dataSource - field and as such if both fields are non-empty, they must - have the same value. For backwards compatibility, when - namespace isn''t specified in dataSourceRef, both fields - (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other - is non-empty. When namespace is specified in dataSourceRef, - dataSource isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows two - specific types of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. * While - dataSource ignores disallowed values (dropping them), - dataSourceRef preserves all values, and generates an error - if a disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef allows objects - in any namespaces. (Beta) Using this field requires the - AnyVolumeDataSource feature gate to be enabled. (Alpha) - Using the namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to be enabled.' + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -10163,50 +9815,23 @@ spec: description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant object - is required in the referent namespace to allow that - namespace's owner to accept the reference. See the - ReferenceGrant documentation for details. (Alpha) - This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but must - still be higher than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -10214,8 +9839,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -10224,11 +9850,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: @@ -10239,8 +9865,8 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: @@ -10248,17 +9874,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -10270,22 +9895,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. type: string volumeName: description: volumeName is the binding reference to the @@ -10293,56 +9933,59 @@ spec: type: string type: object status: - description: 'status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: accessModes: - description: 'accessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array allocatedResourceStatuses: additionalProperties: - description: When a controller receives persistentvolume - claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore that - update and let other controllers handle it. + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. type: string description: "allocatedResourceStatuses stores status of - resource being resized for the given PVC. Key names follow - standard Kubernetes label syntax. Valid values are either: - * Un-prefixed keys: - storage - the capacity of the volume. - * Custom resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\" Apart + resource being resized for the given PVC.\nKey names follow + standard Kubernetes label syntax. Valid values are either:\n\t* + Un-prefixed keys:\n\t\t- storage - the capacity of the + volume.\n\t* Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered reserved and hence may not be used. - \n ClaimResourceStatus can be in any of following states: - - ControllerResizeInProgress: State set when resize controller - starts resizing the volume in control-plane. - ControllerResizeFailed: - State set when resize has failed in resize controller - with a terminal error. - NodeResizePending: State set + prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus + can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with a + terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume - but further resizing of volume is needed on the node. - - NodeResizeInProgress: State set when kubelet starts - resizing the volume. - NodeResizeFailed: State set when - resizing has failed in kubelet with a terminal error. - Transient errors don't set NodeResizeFailed. For example: - if expanding a PVC for more capacity - this field can - be one of the following states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field is not set, it + but further resizing of\n\t\tvolume is needed on the node.\n\t- + NodeResizeInProgress:\n\t\tState set when kubelet starts + resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this field + can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the - given PVC. \n A controller that receives PVC update with - previously unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose it was designed. - For example - a controller that only is responsible for - resizing capacity of the volume, should ignore PVC updates - that change other valid resources associated with PVC. - \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + given PVC.\n\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates that + change other valid\nresources associated with PVC.\n\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular @@ -10354,29 +9997,29 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: "allocatedResources tracks the resources allocated - to a PVC including its capacity. Key names follow standard - Kubernetes label syntax. Valid values are either: * Un-prefixed - keys: - storage - the capacity of the volume. * Custom - resources must use implementation-defined prefixed names - such as \"example.com/my-custom-resource\" Apart from - above values - keys that are unprefixed or have kubernetes.io - prefix are considered reserved and hence may not be used. - \n Capacity reported here may be larger than the actual - capacity when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request is - lowered, allocatedResources is only lowered if there are - no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested capacity. - \n A controller that receives PVC update with previously - unknown resourceName should ignore the update for the - purpose it was designed. For example - a controller that - only is responsible for resizing capacity of the volume, - should ignore PVC updates that change other valid resources - associated with PVC. \n This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." + to a PVC including its capacity.\nKey names follow standard + Kubernetes label syntax. Valid values are either:\n\t* + Un-prefixed keys:\n\t\t- storage - the capacity of the + volume.\n\t* Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have kubernetes.io + prefix are considered\nreserved and hence may not be used.\n\n\nCapacity + reported here may be larger than the actual capacity when + a volume expansion operation\nis requested.\nFor storage + quota, the larger value from allocatedResources and PVC.spec.resources + is used.\nIf allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and if + the actual volume capacity\nis equal or lower than the + requested capacity.\n\n\nA controller that receives PVC + update with previously unknown resourceName\nshould ignore + the update for the purpose it was designed. For example + - a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates that + change other valid\nresources associated with PVC.\n\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -10389,8 +10032,8 @@ spec: the underlying volume. type: object conditions: - description: conditions is the current Condition of persistent - volume claim. If underlying persistent volume is being + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition contains details @@ -10411,10 +10054,9 @@ spec: indicating details about last transition. type: string reason: - description: reason is a unique, this should be a - short, machine understandable string that gives - the reason for condition's last transition. If it - reports "ResizeStarted" that means the underlying + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. type: string status: @@ -10428,6 +10070,40 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass feature. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible indicates + that the request has been rejected as invalid by the + CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass + needs to be specified.\nNote: New statuses can be + added in the future. Consumers should check for unknown + statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object phase: description: phase represents the current phase of PersistentVolumeClaim. type: string @@ -10453,6 +10129,8 @@ spec: expectedNodes: format: int32 type: integer + health: + type: string monitoringAssociationStatus: additionalProperties: description: AssociationStatus is the status of an association resource. @@ -10461,20 +10139,19 @@ spec: to monitoring Elasticsearch clusters. type: object observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this Logstash instance. It corresponds to the metadata generation, - which is updated on mutation by the API Server. If the generation - observed in status diverges from the generation in metadata, the - Logstash controller has not yet processed the changes contained - in the Logstash specification. + description: |- + ObservedGeneration is the most recent generation observed for this Logstash instance. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + If the generation observed in status diverges from the generation in metadata, the Logstash + controller has not yet processed the changes contained in the Logstash specification. format: int64 type: integer selector: type: string version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' + description: |- + Version of the stack resource currently running. During version upgrades, multiple versions may run + in parallel: this value specifies the lowest version currently running. type: string required: - selector @@ -10494,13 +10171,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.11.1' - helm.sh/chart: 'eck-operator-crds-2.11.1' + app.kubernetes.io/version: '2.12.1' + helm.sh/chart: 'eck-operator-crds-2.12.1' name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co spec: group: stackconfigpolicy.k8s.elastic.co @@ -10533,14 +10210,19 @@ spec: a Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -10609,11 +10291,10 @@ spec: Secret. properties: entries: - description: Entries define how to project each key-value - pair in the secret to filesystem paths. If not defined, - all keys will be projected to similarly named paths in - the filesystem. If defined, only the specified keys will - be projected to the corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -10622,9 +10303,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map - the key to. Path must not be an absolute file path - and must not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -10668,11 +10349,10 @@ spec: Secret. properties: entries: - description: Entries define how to project each key-value - pair in the secret to filesystem paths. If not defined, - all keys will be projected to similarly named paths in - the filesystem. If defined, only the specified keys will - be projected to the corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -10681,9 +10361,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map - the key to. Path must not be an absolute file path - and must not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -10699,33 +10379,33 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object resourceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -10738,11 +10418,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -10754,11 +10433,10 @@ spec: Secret. properties: entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. + description: |- + Entries define how to project each key-value pair in the secret to filesystem paths. + If not defined, all keys will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the corresponding paths. items: description: KeyToPath defines how to map a key in a Secret object to a filesystem path. @@ -10767,9 +10445,9 @@ spec: description: Key is the key contained in the secret. type: string path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. + description: |- + Path is the relative file path to map the key to. + Path must not be an absolute file path and must not contain any ".." components. type: string required: - key @@ -10792,9 +10470,9 @@ spec: for one resource to be configured. properties: currentVersion: - description: CurrentVersion denotes the current version of - filesettings applied to the Elasticsearch cluster This field - does not apply to Kibana resources + description: |- + CurrentVersion denotes the current version of filesettings applied to the Elasticsearch cluster + This field does not apply to Kibana resources format: int64 type: integer error: @@ -10806,9 +10484,9 @@ spec: type: integer type: object expectedVersion: - description: ExpectedVersion denotes the expected version - of filesettings that should be applied to the Elasticsearch - cluster This field does not apply to Kibana resources + description: |- + ExpectedVersion denotes the expected version of filesettings that should be applied to the Elasticsearch cluster + This field does not apply to Kibana resources format: int64 type: integer phase: @@ -10846,9 +10524,9 @@ spec: for one resource to be configured. properties: currentVersion: - description: CurrentVersion denotes the current version of filesettings - applied to the Elasticsearch cluster This field does not apply - to Kibana resources + description: |- + CurrentVersion denotes the current version of filesettings applied to the Elasticsearch cluster + This field does not apply to Kibana resources format: int64 type: integer error: @@ -10860,17 +10538,17 @@ spec: type: integer type: object expectedVersion: - description: ExpectedVersion denotes the expected version of - filesettings that should be applied to the Elasticsearch cluster + description: |- + ExpectedVersion denotes the expected version of filesettings that should be applied to the Elasticsearch cluster This field does not apply to Kibana resources format: int64 type: integer phase: type: string type: object - description: 'ResourcesStatuses holds the status for each resource - to be configured. Deprecated: Details is used to store the status - of resources from ECK 2.11' + description: |- + ResourcesStatuses holds the status for each resource to be configured. + Deprecated: Details is used to store the status of resources from ECK 2.11 type: object type: object type: object diff --git a/charts/kubezero-operators/charts/eck-operator/templates/_helpers.tpl b/charts/kubezero-operators/charts/eck-operator/templates/_helpers.tpl index 8c421f7..218f574 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/_helpers.tpl +++ b/charts/kubezero-operators/charts/eck-operator/templates/_helpers.tpl @@ -114,6 +114,19 @@ elastic-webhook-server {{- end -}} {{- end -}} +{{/* +Determine the metrics port +*/}} +{{- define "eck-operator.metrics.port" -}} +{{- if .Values.config.metrics.port -}} +{{- .Values.config.metrics.port -}} +{{- else if .Values.config.metricsPort -}} +{{- .Values.config.metricsPort -}} +{{- else -}} +0 +{{- end -}} +{{- end -}} + {{/* RBAC permissions NOTE - any changes made to RBAC permissions below require diff --git a/charts/kubezero-operators/charts/eck-operator/templates/auth-proxy-service.yaml b/charts/kubezero-operators/charts/eck-operator/templates/auth-proxy-service.yaml new file mode 100644 index 0000000..53bdc02 --- /dev/null +++ b/charts/kubezero-operators/charts/eck-operator/templates/auth-proxy-service.yaml @@ -0,0 +1,22 @@ +{{- if .Values.config.metrics.secureMode.enabled }} +{{- $metricsPort := int (include "eck-operator.metrics.port" .)}} +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: {{ include "eck-operator.name" . }}-metrics-service + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + helm.sh/chart: {{ include "eck-operator.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + name: "{{ include "eck-operator.fullname" . }}-metrics" + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: https + port: {{ $metricsPort }} + protocol: TCP + targetPort: metrics + selector: + {{- include "eck-operator.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/cluster-roles.yaml b/charts/kubezero-operators/charts/eck-operator/templates/cluster-roles.yaml index 1b623f3..be7cdde 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/cluster-roles.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/cluster-roles.yaml @@ -1,3 +1,6 @@ +{{- if and (not .Values.createClusterScopedResources) (.Values.config.metrics.secureMode.enabled) -}} +{{ fail "createClusterScopedResources is required to set config.metrics.secureMode.enabled to true" }} +{{- end }} {{- if .Values.createClusterScopedResources -}} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -93,4 +96,26 @@ rules: - apiGroups: ["logstash.k8s.elastic.co"] resources: ["logstashes"] verbs: ["create", "delete", "deletecollection", "patch", "update"] +{{- if .Values.config.metrics.secureMode.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "eck-operator.labels" . | nindent 4 }} + name: "{{ include "eck-operator.fullname" . }}-proxy-role" +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +{{- end }} {{- end -}} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml b/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml index eec71de..bc13953 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml @@ -8,8 +8,16 @@ metadata: {{- include "eck-operator.labels" . | nindent 4 }} data: eck.yaml: |- + {{- $metricsPort := int (include "eck-operator.metrics.port" .)}} log-verbosity: {{ int .Values.config.logVerbosity }} - metrics-port: {{ int .Values.config.metricsPort }} + {{- if and .Values.config.metrics.secureMode.enabled (eq $metricsPort 0) }} + {{- fail "config.metrics.port must be greater than 0 when config.metrics.secureMode.enabled is true" }} + {{- end }} + {{- if .Values.config.metrics.secureMode.enabled }} + metrics-port: {{ add $metricsPort 1 }} + {{- else }} + metrics-port: {{ $metricsPort }} + {{- end }} container-registry: {{ .Values.config.containerRegistry }} {{- with .Values.config.containerSuffix }} container-suffix: {{ . }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/operator-network-policy.yaml b/charts/kubezero-operators/charts/eck-operator/templates/operator-network-policy.yaml index 10aaa56..ad74156 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/operator-network-policy.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/operator-network-policy.yaml @@ -1,6 +1,6 @@ {{- if .Values.softMultiTenancy.enabled -}} {{- $kubeAPIServerIP := (required "kubeAPIServerIP is required" .Values.kubeAPIServerIP) -}} -{{- $metricsPort := int .Values.config.metricsPort -}} +{{- $metricsPort := int (include "eck-operator.metrics.port" .)}} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/charts/kubezero-operators/charts/eck-operator/templates/podMonitor.yaml b/charts/kubezero-operators/charts/eck-operator/templates/podMonitor.yaml index c269cb7..8e073cd 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/podMonitor.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/podMonitor.yaml @@ -1,10 +1,16 @@ -{{- $metricsPort := int .Values.config.metricsPort -}} +{{- $metricsPort := int (include "eck-operator.metrics.port" .)}} +{{- if and .Values.config.metrics.secureMode.enabled (eq $metricsPort 0) }} +{{- fail "config.metrics.port must be greater than 0 when config.metrics.secureMode.enabled is true" }} +{{- end }} {{- if and .Values.podMonitor.enabled (gt $metricsPort 0) }} +{{- if and .Values.podMonitor.enabled .Values.config.metrics.secureMode.enabled }} +{{- fail "podMonitor and config.metrics.secureMode are mutually exclusive" }} +{{- end }} apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: {{ include "eck-operator.fullname" . }} - namespace: {{ ternary .Values.podMonitor.namespace .Release.Namespace (not (empty .Values.podMonitor.namespace)) }} + namespace: {{ ternary .Values.podMonitor.namespace .Release.Namespace (not (and (.Values.podMonitor) (empty .Values.podMonitor.namespace))) }} labels: {{- include "eck-operator.labels" . | nindent 4 }} {{- with .Values.podMonitor.labels }} {{- toYaml . | nindent 4 }} @@ -33,4 +39,4 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: {{- include "eck-operator.selectorLabels" . | nindent 6 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/role-bindings.yaml b/charts/kubezero-operators/charts/eck-operator/templates/role-bindings.yaml index ca6cf2b..4b57a3f 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/role-bindings.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/role-bindings.yaml @@ -1,6 +1,7 @@ {{- $operatorNSIsManaged := has .Release.Namespace .Values.managedNamespaces -}} {{- $fullName := include "eck-operator.fullname" . -}} {{- $svcAccount := include "eck-operator.serviceAccountName" . }} +{{- $enableSecureMetrics := .Values.config.metrics.secureMode.enabled -}} {{- if not .Values.createClusterScopedResources }} {{- range .Values.managedNamespaces }} @@ -74,7 +75,24 @@ roleRef: kind: ClusterRole name: {{ $fullName }} subjects: +- kind: ServiceAccount + name: {{ $svcAccount }} + namespace: {{ $.Release.Namespace }} +{{- if $enableSecureMetrics }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "eck-operator.labels" $ | nindent 4 }} + name: "{{ include "eck-operator.fullname" . }}-proxy-rolebinding" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "{{ include "eck-operator.fullname" . }}-proxy-role" +subjects: - kind: ServiceAccount name: {{ $svcAccount }} namespace: {{ $.Release.Namespace }} {{- end }} +{{- end }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/serviceMonitor.yaml b/charts/kubezero-operators/charts/eck-operator/templates/serviceMonitor.yaml new file mode 100644 index 0000000..2b080bb --- /dev/null +++ b/charts/kubezero-operators/charts/eck-operator/templates/serviceMonitor.yaml @@ -0,0 +1,31 @@ +{{- if .Values.config.metrics.secureMode.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "eck-operator.fullname" . }} + namespace: {{ ternary .Values.serviceMonitor.namespace .Release.Namespace (not (and (.Values.serviceMonitor) (empty .Values.serviceMonitor.namespace))) }} + labels: {{- include "eck-operator.labels" . | nindent 4 }} +spec: + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "eck-operator.name" . }}-metrics-service + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: https + path: /metrics + scheme: https + interval: 30s + tlsConfig: + insecureSkipVerify: {{ .Values.config.metrics.secureMode.tls.insecureSkipVerify | default false }} + {{- if (not .Values.config.metrics.secureMode.tls.insecureSkipVerify) }} + {{- with .Values.config.metrics.secureMode.tls.caSecret }} + {{- $leading_path := trimSuffix "/" .Values.config.metrics.secureMode.tls.caMountDirectory }} + caFile: "{{ $leading_path }}/{{ . }}/ca.crt" + {{- end }} + serverName: "{{ include "eck-operator.fullname" . }}-metrics.{{ .Release.Namespace }}.svc" + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- end }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml b/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml index cfc3d44..7f6a8f7 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml @@ -1,5 +1,5 @@ -{{- $metricsPort := int .Values.config.metricsPort -}} --- +{{- $metricsPort := int (include "eck-operator.metrics.port" .)}} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -43,7 +43,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} containers: - - image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" + - image: "{{ .Values.image.repository }}{{- if .Values.config.ubiOnly -}}-ubi{{- end -}}:{{ default .Chart.AppVersion .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} name: manager args: @@ -79,10 +79,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- if or (gt $metricsPort 0) .Values.webhook.enabled }} + {{- if or .Values.webhook.enabled (gt $metricsPort 0) }} ports: - {{- if (gt $metricsPort 0) }} - - containerPort: {{ .Values.config.metricsPort }} + {{- if and (gt $metricsPort 0) (not .Values.config.metrics.secureMode.enabled) }} + - containerPort: {{ $metricsPort }} name: metrics protocol: TCP {{- end }} @@ -104,6 +104,41 @@ spec: {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} + {{- if .Values.config.metrics.secureMode.enabled }} + - name: kube-rbac-proxy + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 + args: + - "--secure-listen-address=0.0.0.0:{{ $metricsPort }}" + - "--upstream=http://127.0.0.1:{{ add $metricsPort 1 }}/" + - "--logtostderr=true" + - "--v=0" + {{- if .Values.config.metrics.secureMode.tls.certificateSecret }} + - "--tls-cert-file=/tls/tls.crt" + - "--tls-private-key-file=/tls/tls.key" + {{- end }} + {{- if .Values.config.metrics.secureMode.tls.certificateSecret }} + volumeMounts: + - mountPath: "/tls" + name: tls-certificate + readOnly: true + {{- end }} + ports: + - containerPort: {{ $metricsPort }} + protocol: TCP + name: metrics + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + {{- end }} volumes: - name: conf configMap: @@ -114,6 +149,12 @@ spec: defaultMode: 420 secretName: {{ include "eck-operator.webhookSecretName" . }} {{- end }} + {{- if .Values.config.metrics.secureMode.tls.certificateSecret }} + - name: tls-certificate + secret: + defaultMode: 420 + secretName: {{ .Values.config.metrics.secureMode.tls.certificateSecret }} + {{- end }} {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/kubezero-operators/charts/eck-operator/values.yaml b/charts/kubezero-operators/charts/eck-operator/values.yaml index 0a5d46d..6a12465 100644 --- a/charts/kubezero-operators/charts/eck-operator/values.yaml +++ b/charts/kubezero-operators/charts/eck-operator/values.yaml @@ -159,8 +159,67 @@ config: # number greater than 0: Errors, warnings, information, and debug details. logVerbosity: "0" - # metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting. - metricsPort: "0" + # (Deprecated: use metrics.port: will be removed in v2.14.0) metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting. + metricsPort: 0 + + metrics: + # port defines the port to expose operator metrics. Set to 0 to disable metrics reporting. + port: "0" + # secureMode contains the options for enabling and configuring RBAC and TLS/HTTPs for the metrics endpoint. + secureMode: + # secureMode.enabled specifies whether to enable RBAC and TLS/HTTPs for the metrics endpoint. (Will be enabled by default in v2.14.0) + # * This option requires using a ServiceMonitor to scrape the metrics and as such is mutually exclusive with the podMonitor.enabled option. + # * This option also requires using cluster scoped resources (ClusterRole, ClusterRoleBinding) to + # grant access to the /metrics endpoint. (createClusterScopedResources: true is required) + # + # This option requires the following settings within Prometheus to function: + # 1. RBAC settings for the Prometheus instance to access the metrics endpoint. + # + # - nonResourceURLs: + # - /metrics + # verbs: + # - get + # + # 2. If using the Prometheus Operator and your Prometheus instance is not in the same namespace as the operator you will need + # the Prometheus Operator configured with the following Helm values: + # + # prometheus: + # prometheusSpec: + # serviceMonitorNamespaceSelector: {} + # serviceMonitorSelectorNilUsesHelmValues: false + enabled: false + tls: + # certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint. + # + # * This is an optional setting and is only required if you are using a custom TLS certificate. A self-signed certificate will be generated by default. + # * TLS secret key must be named tls.crt. + # * TLS key's secret key must be named tls.key. + # * It is assumed to be in the same namespace as the ServiceMonitor. + # + # example: kubectl create secret tls eck-metrics-tls-certificate -n elastic-system \ + # --cert=/path/to/tls.crt --key=/path/to/tls.key + certificateSecret: "" + # caSecret is the name of the secret containing the custom CA certificate used to generate the custom TLS certificate for the secure metrics endpoint. + # + # * This *must* be the name of the secret containing the CA certificate used to sign the custom TLS certificate. + # * This secret *must* be in the same namespace as the Prometheus instance that will scrape the metrics. + # * If using the Prometheus operator this secret must be within the `spec.secrets` field of the `Prometheus` custom resource such that it is mounted into the Prometheus pod at `caMountDirectory`, which defaults to /etc/prometheus/secrets/{secret-name}. + # * This is an optional setting and is only required if you are using a custom TLS certificate. + # * Key must be named ca.crt. + # + # example: kubectl create secret generic eck-metrics-tls-ca -n monitoring \ + # --from-file=ca.crt=/path/to/ca.pem + caSecret: "" + # caMountDirectory is the directory at which the CA certificate is mounted within the Prometheus pod. + # + # * You should only need to adjust this if you are *not* using the Prometheus operator. + caMountDirectory: "/etc/prometheus/secrets/" + # insecureSkipVerify specifies whether to skip verification of the TLS certificate for the secure metrics endpoint. + # + # * If this setting is set to false, then the following settings are required: + # - certificateSecret + # - caSecret + insecureSkipVerify: true # containerRegistry to use for pulling Elasticsearch and other application container images. containerRegistry: docker.elastic.co @@ -223,7 +282,7 @@ config: # Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation. elasticsearchObservationInterval: 10s - # ubiOnly specifies whether the operator will use only UBI container images to deploy Elastic Stack applications. UBI images are only available from 7.10.0 onward. + # ubiOnly specifies whether the operator will use only UBI container images to deploy Elastic Stack applications as well as for its own StatefulSet image. UBI images are only available from 7.10.0 onward. # Cannot be combined with the containerSuffix value. ubiOnly: false @@ -232,7 +291,7 @@ config: podMonitor: # enabled determines whether a podMonitor should deployed to scrape the eck metrics. - # This requires the prometheus operator and the config.metricsPort not to be 0 + # This requires the prometheus operator and the config.metrics.port not to be 0 enabled: false # labels adds additional labels to the podMonitor @@ -258,6 +317,15 @@ podMonitor: podMetricsEndpointConfig: {} # honorTimestamps: true +# Prometheus ServiceMonitor configuration +# Only used when config.enableSecureMetrics is true +# Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#servicemonitor +serviceMonitor: {} + + # namespace determines in which namespace the serviceMonitor will be deployed. + # If not set the serviceMonitor will be created in the namespace where the Helm release is installed into + # namespace: monitoring + # Globals meant for internal use only global: # manifestGen specifies whether the chart is running under manifest generator. diff --git a/charts/kubezero-telemetry/Chart.yaml b/charts/kubezero-telemetry/Chart.yaml index 9289a80..8225fd2 100644 --- a/charts/kubezero-telemetry/Chart.yaml +++ b/charts/kubezero-telemetry/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-telemetry description: KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc. type: application -version: 0.1.3 +version: 0.2.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -18,7 +18,7 @@ dependencies: version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts/ - name: opentelemetry-collector - version: 0.80.1 + version: 0.86.0 repository: https://open-telemetry.github.io/opentelemetry-helm-charts condition: opentelemetry-collector.enabled - name: jaeger diff --git a/charts/kubezero-telemetry/values.yaml b/charts/kubezero-telemetry/values.yaml index d124a37..b3ba859 100644 --- a/charts/kubezero-telemetry/values.yaml +++ b/charts/kubezero-telemetry/values.yaml @@ -49,11 +49,11 @@ jaeger: url: jaeger.example.com opensearch: - version: 2.11.1 + version: 2.12.0 prometheus: false nodeSets: [] - #- name: default-nodes + #- name: default-nodes # replicas: 2 # storage: # size: 16Gi diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 19e4095..d4321e4 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -85,12 +85,12 @@ falco: telemetry: enabled: false namespace: telemetry - targetRevision: 0.1.0 + targetRevision: 0.2.0 operators: enabled: false namespace: operators - targetRevision: 0.1.0 + targetRevision: 0.1.2 metrics: enabled: false