From 709e33a24b78d6aafe7c16471f6634587dea1fd3 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Fri, 29 Apr 2022 20:22:20 +0200 Subject: [PATCH] fix: Fix CNI upgrade, new ECK CRDs, new logging, Istio fixes --- .../templates/KubeletConfiguration.yaml | 3 +- charts/kubeadm/templates/_helpers.tpl | 8 +- .../templates/credential-provider.yaml | 17 + charts/kubezero-ci/Chart.yaml | 2 +- .../templates/jenkins/istio-service.yaml | 14 +- charts/kubezero-ci/values.yaml | 8 +- charts/kubezero-logging/Chart.yaml | 4 +- .../charts/eck-operator/Chart.yaml | 4 +- .../charts/eck-operator/crds/all-crds.yaml | 11562 +++++++++++----- .../eck-operator/templates/_helpers.tpl | 96 +- .../eck-operator/templates/cluster-roles.yaml | 3 + .../eck-operator/templates/configmap.yaml | 4 + .../templates/operator-namespace.yaml | 2 +- .../eck-operator/templates/statefulset.yaml | 1 - .../eck-operator/templates/webhook.yaml | 62 +- .../charts/eck-operator/values.yaml | 23 +- charts/kubezero-logging/values.yaml | 2 +- charts/kubezero-storage/README.md | 2 +- .../jsonnet/jsonnetfile.lock.json | 4 +- charts/kubezero-storage/update.sh | 2 + charts/kubezero/Chart.yaml | 2 +- charts/kubezero/templates/_app.tpl | 4 +- charts/kubezero/templates/istio-ingress.yaml | 4 +- charts/kubezero/values.yaml | 4 + releases/v1.22/README.md | 11 +- releases/v1.22/kubezero.sh | 49 +- releases/v1.22/migrate_argo.py | 96 + releases/v1.22/migrate_argo.sh | 17 - releases/v1.22/upgrade_cluster.sh | 43 +- scripts/deprecated_setClusterVersion.sh | 22 - 30 files changed, 8080 insertions(+), 3995 deletions(-) create mode 100644 charts/kubeadm/templates/credential-provider.yaml create mode 100755 releases/v1.22/migrate_argo.py delete mode 100755 releases/v1.22/migrate_argo.sh delete mode 100644 scripts/deprecated_setClusterVersion.sh diff --git a/charts/kubeadm/templates/KubeletConfiguration.yaml b/charts/kubeadm/templates/KubeletConfiguration.yaml index 3faadf6..2e32def 100644 --- a/charts/kubeadm/templates/KubeletConfiguration.yaml +++ b/charts/kubeadm/templates/KubeletConfiguration.yaml @@ -16,7 +16,8 @@ protectKernelDefaults: {{ .Values.protectKernelDefaults }} # tlsCertFile: /var/lib/kubelet/pki/kubelet.crt # tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256] -featureGates: {{ include "kubeadm.featuregates" ( dict "return" "map" ) }} +featureGates: + {{- include "kubeadm.featuregates" ( dict "return" "map" ) | nindent 2 }} # Minimal unit is 50m per pod podsPerCore: 20 # cpuCFSQuotaPeriod: 10ms diff --git a/charts/kubeadm/templates/_helpers.tpl b/charts/kubeadm/templates/_helpers.tpl index 19b2811..3b8976b 100644 --- a/charts/kubeadm/templates/_helpers.tpl +++ b/charts/kubeadm/templates/_helpers.tpl @@ -1,16 +1,16 @@ {{- /* Feature gates for all control plane components */ -}} -{{- define "kubeadm.featuregates" -}} -{{- $gates := list "CustomCPUCFSQuotaPeriod" "GenericEphemeralVolume" "InTreePluginAWSUnregister" "InTreePluginAzureDiskUnregister" "InTreePluginAzureFileUnregister" "InTreePluginGCEUnregister" "InTreePluginOpenStackUnregister" }} +{{- define "kubeadm.featuregates" }} +{{- $gates := list "CustomCPUCFSQuotaPeriod" "GenericEphemeralVolume" "KubeletCredentialProviders"}} {{- if eq .return "csv" }} {{- range $key := $gates }} {{- $key }}=true, {{- end }} {{- else }} {{- range $key := $gates }} - {{ $key }}: true +{{ $key }}: true +{{- end }} {{- end }} {{- end }} -{{- end -}} {{- /* Etcd default initial cluster */ -}} diff --git a/charts/kubeadm/templates/credential-provider.yaml b/charts/kubeadm/templates/credential-provider.yaml new file mode 100644 index 0000000..af930e1 --- /dev/null +++ b/charts/kubeadm/templates/credential-provider.yaml @@ -0,0 +1,17 @@ +apiVersion: kubelet.config.k8s.io/v1alpha1 +kind: CredentialProviderConfig +providers: + - name: amazon-ecr-credential-helper + matchImages: + - "*.dkr.ecr.*.amazonaws.com" + - "*.dkr.ecr.*.amazonaws.cn" + - "*.dkr.ecr-fips.*.amazonaws.com" + - "*.dkr.ecr.us-iso-east-1.c2s.ic.gov" + - "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov" + defaultCacheDuration: "12h" + apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1 + args: + - get + #env: + # - name: AWS_PROFILE + # value: example_profile diff --git a/charts/kubezero-ci/Chart.yaml b/charts/kubezero-ci/Chart.yaml index 9ad5e33..23cfcd0 100644 --- a/charts/kubezero-ci/Chart.yaml +++ b/charts/kubezero-ci/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-ci description: KubeZero umbrella chart for all things CI type: application -version: 0.4.46 +version: 0.4.50 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero-ci/templates/jenkins/istio-service.yaml b/charts/kubezero-ci/templates/jenkins/istio-service.yaml index c84e33b..6872d1f 100644 --- a/charts/kubezero-ci/templates/jenkins/istio-service.yaml +++ b/charts/kubezero-ci/templates/jenkins/istio-service.yaml @@ -56,11 +56,13 @@ spec: - {{ .Values.jenkins.istio.agent.url }} gateways: - {{ .Values.jenkins.istio.agent.gateway }} - http: - - route: - - destination: - host: {{ template "kubezero-lib.fullname" (merge (dict "subchart" "jenkins") .) }} - port: - number: 50000 + tcp: + - match: + - port: 50000 + route: + - destination: + host: {{ template "kubezero-lib.fullname" (merge (dict "subchart" "jenkins") .) }}-agent + port: + number: 50000 {{- end }} {{- end }} diff --git a/charts/kubezero-ci/values.yaml b/charts/kubezero-ci/values.yaml index aa1a9aa..32e9fd9 100644 --- a/charts/kubezero-ci/values.yaml +++ b/charts/kubezero-ci/values.yaml @@ -115,12 +115,12 @@ jenkins: installPlugins: - kubernetes:3580.v78271e5631dc - - workflow-aggregator:2.6 - - git:4.11.0 - - configuration-as-code:1414.v878271fc496f + - workflow-aggregator:2.7 + - git:4.11.1 + - configuration-as-code:1429.v09b_044a_c93de - antisamy-markup-formatter:2.7 - prometheus:2.0.11 - - htmlpublisher:1.29 + - htmlpublisher:1.30 - build-discarder:60.v1747b0eb632a - dark-theme:156.v6cf16af6f9ef diff --git a/charts/kubezero-logging/Chart.yaml b/charts/kubezero-logging/Chart.yaml index 478e2e7..9a8a38d 100644 --- a/charts/kubezero-logging/Chart.yaml +++ b/charts/kubezero-logging/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-logging description: KubeZero Umbrella Chart for complete EFK stack type: application -version: 0.7.21 +version: 0.8.0 appVersion: 1.6.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png @@ -19,7 +19,7 @@ dependencies: version: ">= 0.1.3" repository: https://cdn.zero-downtime.net/charts/ - name: eck-operator - version: 1.6.0 + version: 2.1.0 # repository: https://helm.elastic.co condition: eck-operator.enabled - name: fluentd diff --git a/charts/kubezero-logging/charts/eck-operator/Chart.yaml b/charts/kubezero-logging/charts/eck-operator/Chart.yaml index 36b05d3..18bd9be 100644 --- a/charts/kubezero-logging/charts/eck-operator/Chart.yaml +++ b/charts/kubezero-logging/charts/eck-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.6.0 +appVersion: 2.1.0 description: 'A Helm chart for deploying the Elastic Cloud on Kubernetes (ECK) operator: the official Kubernetes operator for orchestrating Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats.' home: https://github.com/elastic/cloud-on-k8s icon: https://helm.elastic.co/icons/eck.png @@ -17,4 +17,4 @@ maintainers: name: Elastic name: eck-operator type: application -version: 1.6.0 +version: 2.1.0 diff --git a/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml b/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml index 0dbf2a9..7666c5e 100644 --- a/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml +++ b/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml @@ -1,38 +1,19 @@ --- # Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' - helm.sh/chart: 'eck-operator-crds-1.6.0' + app.kubernetes.io/version: '2.1.0' + helm.sh/chart: 'eck-operator-crds-2.1.0' name: agents.agent.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: available - type: integer - - JSONPath: .status.expectedNodes - description: Expected nodes - name: expected - type: integer - - JSONPath: .status.version - description: Agent version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: agent.k8s.elastic.co names: categories: @@ -44,143 +25,237 @@ spec: - agent singular: agent scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Agent is the Schema for the Agents API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AgentSpec defines the desired state of the Agent - properties: - config: - description: Config holds the Agent configuration. At most one of [`Config`, - `ConfigRef`] can be specified. - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Agent configuration. Agent settings must be specified - as yaml, under a single "agent.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - daemonSet: - description: DaemonSet specifies the Agent should be deployed as a DaemonSet, - and allows providing its spec. Cannot be used along with `deployment`. - properties: - updateStrategy: - description: DaemonSetUpdateStrategy is a struct used to control - the update strategy for a DaemonSet. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: available + type: integer + - description: Expected nodes + jsonPath: .status.expectedNodes + name: expected + type: integer + - description: Agent version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Agent is the Schema for the Agents API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AgentSpec defines the desired state of the Agent + properties: + config: + description: Config holds the Agent configuration. At most one of + [`Config`, `ConfigRef`] can be specified. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Agent configuration. Agent settings must be specified + as yaml, under a single "agent.yml" entry. At most one of [`Config`, + `ConfigRef`] can be specified. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + daemonSet: + description: DaemonSet specifies the Agent should be deployed as a + DaemonSet, and allows providing its spec. Cannot be used along with + `deployment`. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have + when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + updateStrategy: + description: DaemonSetUpdateStrategy is a struct used to control + the update strategy for a DaemonSet. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + type = "RollingUpdate". --- TODO: Update this to follow + our convention for oneOf, whatever we decide it to be. Same + as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of nodes with an existing + available DaemonSet pod that can have an updated DaemonSet + pod during during an update. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up + to a minimum of 1. Default value is 0. Example: when + this is set to 30%, at most 30% of the total number + of nodes that should be running the daemon pod (i.e. + status.desiredNumberScheduled) can have their a new + pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. + Once an updated pod is available (Ready for at least + minReadySeconds) the old DaemonSet pod on that node + is marked deleted. If the old pod becomes unavailable + for any reason (Ready transitions to false, is evicted, + or is drained) an updated pod is immediatedly created + on that node without considering surge limits. Allowing + surge implies the possibility that the resources consumed + by the daemonset on any given node can double if the + readiness check fails, and so resource intensive daemonsets + should take into account that they may cause evictions + during disruption. This is beta field and enabled/disabled + by DaemonSetUpdateSurge feature gate.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that + can be unavailable during the update. Value can be an + absolute number (ex: 5) or a percentage of total number + of DaemonSet pods at the start of the update (ex: 10%). + Absolute number is calculated from percentage by rounding + up. This cannot be 0 if MaxSurge is 0 Default value + is 1. Example: when this is set to 30%, at most 30% + of the total number of nodes that should be running + the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given + time. The update starts by stopping at most 30% of those + DaemonSet pods and then brings up new DaemonSet pods + in their place. Once the new pods are available, it + then proceeds onto other DaemonSet pods, thus ensuring + that at least 70% of original number of DaemonSet pods + are available at all times during the update.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + type: object + deployment: + description: Deployment specifies the Agent should be deployed as + a Deployment, and allows providing its spec. Cannot be used along + with `daemonSet`. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have + when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + replicas: + format: int32 + type: integer + strategy: + description: DeploymentStrategy describes how to replace existing + pods with new ones. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + DeploymentStrategyType = RollingUpdate. --- TODO: Update + this to follow our convention for oneOf, whatever we decide + it to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled + above the desired number of pods. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. + Defaults to 25%. Example: when this is set to 30%, the + new ReplicaSet can be scaled up immediately when the + rolling update starts, such that the total number of + old and new pods do not exceed 130% of desired pods. + Once old pods have been killed, new ReplicaSet can be + scaled up further, ensuring that total number of pods + running at any time during the update is at most 130% + of desired pods.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired pods (ex: 10%). Absolute + number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet + can be scaled down to 70% of desired pods immediately + when the rolling update starts. Once new pods are ready, + old ReplicaSet can be scaled down further, followed + by scaling up the new ReplicaSet, ensuring that the + total number of pods available at all times during the + update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + type: object + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of Elasticsearch + clusters running in the same Kubernetes cluster. Due to existing + limitations, only a single ES cluster is currently supported. + items: properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow our - convention for oneOf, whatever we decide it to be. Same as - Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0. Default value is 1. Example: when - this is set to 30%, at most 30% of the total number of - nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods in - their place. Once the new pods are available, it then - proceeds onto other DaemonSet pods, thus ensuring that - at least 70% of original number of DaemonSet pods are - available at all times during the update.' - type: object - type: - description: Type of daemon set update. Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. + name: + description: Name of the Kubernetes object. type: string - type: object - type: object - deployment: - description: Deployment specifies the Agent should be deployed as a - Deployment, and allows providing its spec. Cannot be used along with - `daemonSet`. - properties: - replicas: - format: int32 - type: integer - strategy: - description: DeploymentStrategy describes how to replace existing - pods with new ones. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update this - to follow our convention for oneOf, whatever we decide it - to be.' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. Absolute number - is calculated from percentage by rounding up. Defaults - to 25%. Example: when this is set to 30%, the new ReplicaSet - can be scaled up immediately when the rolling update starts, - such that the total number of old and new pods do not - exceed 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that - total number of pods running at any time during the update - is at most 130% of desired pods.' - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet can be scaled - down to 70% of desired pods immediately when the rolling - update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the - new ReplicaSet, ensuring that the total number of pods - available at all times during the update is at least 70% - of desired pods.' - type: object - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". - Default is RollingUpdate. + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. type: string + outputName: + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced + resource is used. + type: string + required: + - name type: object - type: object - elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of Elasticsearch - clusters running in the same Kubernetes cluster. Due to existing limitations, - only a single ES cluster is currently supported. - items: + type: array + fleetServerEnabled: + description: FleetServerEnabled determines whether this Agent will + launch Fleet Server. Don't set unless `mode` is set to `fleet`. + type: boolean + fleetServerRef: + description: FleetServerRef is a reference to Fleet Server that this + Agent should connect to to obtain it's configuration. Don't set + unless `mode` is set to `fleet`. properties: name: description: Name of the Kubernetes object. @@ -189,103 +264,546 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string - outputName: - type: string serviceName: description: ServiceName is the name of an existing Kubernetes - service which will be used to make requests to the referenced - object. It has to be in the same namespace as the referenced - resource. If left empty the default HTTP service of the referenced - resource will be used. + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. type: string required: - name type: object - type: array - image: - description: Image is the Agent Docker image to deploy. Version has - to match the Agent in the image. - type: string - secureSettings: - description: SecureSettings is a list of references to Kubernetes Secrets - containing sensitive configuration options for the Agent. Secrets - data can be then referenced in the Agent config using the Secret's - keys or as specified in `Entries` field of each SecureSetting. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + http: + description: HTTP holds the HTTP layer configuration for the Agent + in Fleet mode with Fleet Server enabled. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Agent Docker image to deploy. Version has + to match the Agent in the image. + type: string + kibanaRef: + description: KibanaRef is a reference to Kibana where Fleet should + be set up and this Agent should be enrolled. Don't set unless `mode` + is set to `fleet`. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. type: string required: - - secretName + - name type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to an Elasticsearch resource in a different namespace. Can - only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of the Agent. - type: string - required: - - version - type: object - status: - description: AgentStatus defines the observed state of the Agent - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationsStatus: - additionalProperties: + mode: + description: Mode specifies the source of configuration for the Agent. + The configuration can be specified locally through `config` or `configRef` + (`standalone` mode), or come from Fleet during runtime (`fleet` + mode). Defaults to `standalone` mode. + enum: + - standalone + - fleet + type: string + secureSettings: + description: SecureSettings is a list of references to Kubernetes + Secrets containing sensitive configuration options for the Agent. + Secrets data can be then referenced in the Agent config using the + Secret's keys or as specified in `Entries` field of each SecureSetting. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to an Elasticsearch resource in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of the Agent. + type: string + required: + - version + type: object + status: + description: AgentStatus defines the observed state of the Agent + properties: + availableNodes: + format: int32 + type: integer + elasticsearchAssociationsStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: AssociationStatusMap is the map of association's namespaced + name string to its AssociationStatus. For resources that have a + single Association of a given type (for ex. single ES reference), + this map contains a single entry. + type: object + expectedNodes: + format: int32 + type: integer + fleetServerAssociationStatus: description: AssociationStatus is the status of an association resource. type: string - description: AssociationStatusMap is the map of association's namespaced - name string to its AssociationStatus. For resources that have a single - Association of a given type (eg. single ES reference), this map will - contain a single entry. - type: object - expectedNodes: - format: int32 - type: integer - health: - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1alpha1 - versions: - - name: v1alpha1 + health: + type: string + kibanaAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -294,35 +812,20 @@ status: storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' - helm.sh/chart: 'eck-operator-crds-1.6.0' + app.kubernetes.io/version: '2.1.0' + helm.sh/chart: 'eck-operator-crds-2.1.0' name: apmservers.apm.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: APM version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: apm.k8s.elastic.co names: categories: @@ -334,546 +837,1157 @@ spec: - apm singular: apmserver scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ApmServer represents an APM Server resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ApmServerSpec holds the specification of an APM Server. - properties: - config: - description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' - type: object - count: - description: Count of APM Server instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the output Elasticsearch - cluster running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for the APM Server - resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port - type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the APM Server Docker image to deploy. - type: string - kibanaRef: - description: KibanaRef is a reference to a Kibana instance running in - the same Kubernetes cluster. It allows APM agent central configuration - management in Kibana. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the APM Server pods. - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes secrets - containing sensitive configuration options for APM Server. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: APM version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ApmServer represents an APM Server resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApmServerSpec holds the specification of an APM Server. + properties: + config: + description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of APM Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the output Elasticsearch + cluster running in the same Kubernetes cluster. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. type: string required: - - secretName + - name type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of the APM Server. - type: string - required: - - version - type: object - status: - description: ApmServerStatus defines the observed state of ApmServer - properties: - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - elasticsearchAssociationStatus: - description: ElasticsearchAssociationStatus is the status of any auto-linking - to Elasticsearch clusters. - type: string - health: - description: Health of the deployment. - type: string - kibanaAssociationStatus: - description: KibanaAssociationStatus is the status of any auto-linking - to Kibana. - type: string - secretTokenSecret: - description: SecretTokenSecretName is the name of the Secret that contains - the secret token - type: string - service: - description: ExternalService is the name of the service the agents should - connect to. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 + http: + description: HTTP holds the HTTP layer configuration for the APM Server + resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the APM Server Docker image to deploy. + type: string + kibanaRef: + description: KibanaRef is a reference to a Kibana instance running + in the same Kubernetes cluster. It allows APM agent central configuration + management in Kibana. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the APM Server + pods. + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for APM Server. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of the APM Server. + type: string + required: + - version + type: object + status: + description: ApmServerStatus defines the observed state of ApmServer + properties: + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + elasticsearchAssociationStatus: + description: ElasticsearchAssociationStatus is the status of any auto-linking + to Elasticsearch clusters. + type: string + health: + description: Health of the deployment. + type: string + kibanaAssociationStatus: + description: KibanaAssociationStatus is the status of any auto-linking + to Kibana. + type: string + secretTokenSecret: + description: SecretTokenSecretName is the name of the Secret that + contains the secret token + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + service: + description: ExternalService is the name of the service the agents + should connect to. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true - - name: v1beta1 + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: APM version + jsonPath: .spec.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ApmServer represents an APM Server resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApmServerSpec holds the specification of an APM Server. + properties: + config: + description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of APM Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the output Elasticsearch + cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for the APM Server + resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the APM Server Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the APM Server + pods. + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for APM Server. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + version: + description: Version of the APM Server. + type: string + type: object + status: + description: ApmServerStatus defines the observed state of ApmServer + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch + clusters. + type: string + availableNodes: + format: int32 + type: integer + health: + description: ApmServerHealth expresses the status of the Apm Server + instances. + type: string + secretTokenSecret: + description: SecretTokenSecretName is the name of the Secret that + contains the secret token + type: string + service: + description: ExternalService is the name of the service the agents + should connect to. + type: string + type: object + type: object served: true storage: false + subresources: + status: {} - name: v1alpha1 + schema: + openAPIV3Schema: + description: to not break compatibility when upgrading from previous versions + of the CRD + type: object served: false storage: false status: @@ -884,43 +1998,20 @@ status: storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' - helm.sh/chart: 'eck-operator-crds-1.6.0' + app.kubernetes.io/version: '2.1.0' + helm.sh/chart: 'eck-operator-crds-2.1.0' name: beats.beat.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: available - type: integer - - JSONPath: .status.expectedNodes - description: Expected nodes - name: expected - type: integer - - JSONPath: .spec.type - description: Beat type - name: type - type: string - - JSONPath: .status.version - description: Beat version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: beat.k8s.elastic.co names: categories: @@ -932,273 +2023,341 @@ spec: - beat singular: beat scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Beat is the Schema for the Beats API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BeatSpec defines the desired state of a Beat. - properties: - config: - description: Config holds the Beat configuration. At most one of [`Config`, - `ConfigRef`] can be specified. - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Beat configuration. Beat settings must be specified - as yaml, under a single "beat.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - daemonSet: - description: DaemonSet specifies the Beat should be deployed as a DaemonSet, - and allows providing its spec. Cannot be used along with `deployment`. - If both are absent a default for the Type is used. - properties: - updateStrategy: - description: DaemonSetUpdateStrategy is a struct used to control - the update strategy for a DaemonSet. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow our - convention for oneOf, whatever we decide it to be. Same as - Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0. Default value is 1. Example: when - this is set to 30%, at most 30% of the total number of - nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods in - their place. Once the new pods are available, it then - proceeds onto other DaemonSet pods, thus ensuring that - at least 70% of original number of DaemonSet pods are - available at all times during the update.' - type: object - type: - description: Type of daemon set update. Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. - type: string - type: object - type: object - deployment: - description: Deployment specifies the Beat should be deployed as a Deployment, - and allows providing its spec. Cannot be used along with `daemonSet`. - If both are absent a default for the Type is used. - properties: - replicas: - format: int32 - type: integer - strategy: - description: DeploymentStrategy describes how to replace existing - pods with new ones. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update this - to follow our convention for oneOf, whatever we decide it - to be.' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. Absolute number - is calculated from percentage by rounding up. Defaults - to 25%. Example: when this is set to 30%, the new ReplicaSet - can be scaled up immediately when the rolling update starts, - such that the total number of old and new pods do not - exceed 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that - total number of pods running at any time during the update - is at most 130% of desired pods.' - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet can be scaled - down to 70% of desired pods immediately when the rolling - update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the - new ReplicaSet, ensuring that the total number of pods - available at all times during the update is at least 70% - of desired pods.' - type: object - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - type: object - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - image: - description: Image is the Beat Docker image to deploy. Version and Type - have to match the Beat in the image. - type: string - kibanaRef: - description: KibanaRef is a reference to a Kibana instance running in - the same Kubernetes cluster. It allows automatic setup of dashboards - and visualizations. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes Secrets - containing sensitive configuration options for the Beat. Secrets data - can be then referenced in the Beat config using the Secret's keys - or as specified in `Entries` field of each SecureSetting. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: available + type: integer + - description: Expected nodes + jsonPath: .status.expectedNodes + name: expected + type: integer + - description: Beat type + jsonPath: .spec.type + name: type + type: string + - description: Beat version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Beat is the Schema for the Beats API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BeatSpec defines the desired state of a Beat. + properties: + config: + description: Config holds the Beat configuration. At most one of [`Config`, + `ConfigRef`] can be specified. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Beat configuration. Beat settings must be specified + as yaml, under a single "beat.yml" entry. At most one of [`Config`, + `ConfigRef`] can be specified. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array secretName: description: SecretName is the name of the secret. type: string - required: - - secretName type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to Elasticsearch resource in a different namespace. Can only - be used if ECK is enforcing RBAC on references. - type: string - type: - description: Type is the type of the Beat to deploy (filebeat, metricbeat, - heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string can - be used, but well-known types will have the image field defaulted - and have the appropriate Elasticsearch roles created automatically. - It also allows for dashboard setup when combined with a `KibanaRef`. - maxLength: 20 - pattern: '[a-zA-Z0-9-]+' - type: string - version: - description: Version of the Beat. - type: string - required: - - type - - version - type: object - status: - description: BeatStatus defines the observed state of a Beat. - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationStatus: - description: AssociationStatus is the status of an association resource. - type: string - expectedNodes: - format: int32 - type: integer - health: - type: string - kibanaAssociationStatus: - description: AssociationStatus is the status of an association resource. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1beta1 - versions: - - name: v1beta1 + daemonSet: + description: DaemonSet specifies the Beat should be deployed as a + DaemonSet, and allows providing its spec. Cannot be used along with + `deployment`. If both are absent a default for the Type is used. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have + when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + updateStrategy: + description: DaemonSetUpdateStrategy is a struct used to control + the update strategy for a DaemonSet. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + type = "RollingUpdate". --- TODO: Update this to follow + our convention for oneOf, whatever we decide it to be. Same + as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of nodes with an existing + available DaemonSet pod that can have an updated DaemonSet + pod during during an update. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up + to a minimum of 1. Default value is 0. Example: when + this is set to 30%, at most 30% of the total number + of nodes that should be running the daemon pod (i.e. + status.desiredNumberScheduled) can have their a new + pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. + Once an updated pod is available (Ready for at least + minReadySeconds) the old DaemonSet pod on that node + is marked deleted. If the old pod becomes unavailable + for any reason (Ready transitions to false, is evicted, + or is drained) an updated pod is immediatedly created + on that node without considering surge limits. Allowing + surge implies the possibility that the resources consumed + by the daemonset on any given node can double if the + readiness check fails, and so resource intensive daemonsets + should take into account that they may cause evictions + during disruption. This is beta field and enabled/disabled + by DaemonSetUpdateSurge feature gate.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that + can be unavailable during the update. Value can be an + absolute number (ex: 5) or a percentage of total number + of DaemonSet pods at the start of the update (ex: 10%). + Absolute number is calculated from percentage by rounding + up. This cannot be 0 if MaxSurge is 0 Default value + is 1. Example: when this is set to 30%, at most 30% + of the total number of nodes that should be running + the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given + time. The update starts by stopping at most 30% of those + DaemonSet pods and then brings up new DaemonSet pods + in their place. Once the new pods are available, it + then proceeds onto other DaemonSet pods, thus ensuring + that at least 70% of original number of DaemonSet pods + are available at all times during the update.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + type: object + deployment: + description: Deployment specifies the Beat should be deployed as a + Deployment, and allows providing its spec. Cannot be used along + with `daemonSet`. If both are absent a default for the Type is used. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have + when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + replicas: + format: int32 + type: integer + strategy: + description: DeploymentStrategy describes how to replace existing + pods with new ones. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + DeploymentStrategyType = RollingUpdate. --- TODO: Update + this to follow our convention for oneOf, whatever we decide + it to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled + above the desired number of pods. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. + Defaults to 25%. Example: when this is set to 30%, the + new ReplicaSet can be scaled up immediately when the + rolling update starts, such that the total number of + old and new pods do not exceed 130% of desired pods. + Once old pods have been killed, new ReplicaSet can be + scaled up further, ensuring that total number of pods + running at any time during the update is at most 130% + of desired pods.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired pods (ex: 10%). Absolute + number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet + can be scaled down to 70% of desired pods immediately + when the rolling update starts. Once new pods are ready, + old ReplicaSet can be scaled down further, followed + by scaling up the new ReplicaSet, ensuring that the + total number of pods available at all times during the + update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + type: object + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + image: + description: Image is the Beat Docker image to deploy. Version and + Type have to match the Beat in the image. + type: string + kibanaRef: + description: KibanaRef is a reference to a Kibana instance running + in the same Kubernetes cluster. It allows automatic setup of dashboards + and visualizations. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + secureSettings: + description: SecureSettings is a list of references to Kubernetes + Secrets containing sensitive configuration options for the Beat. + Secrets data can be then referenced in the Beat config using the + Secret's keys or as specified in `Entries` field of each SecureSetting. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to Elasticsearch resource in a different namespace. Can + only be used if ECK is enforcing RBAC on references. + type: string + type: + description: Type is the type of the Beat to deploy (filebeat, metricbeat, + heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string + can be used, but well-known types will have the image field defaulted + and have the appropriate Elasticsearch roles created automatically. + It also allows for dashboard setup when combined with a `KibanaRef`. + maxLength: 20 + pattern: '[a-zA-Z0-9-]+' + type: string + version: + description: Version of the Beat. + type: string + required: + - type + - version + type: object + status: + description: BeatStatus defines the observed state of a Beat. + properties: + availableNodes: + format: int32 + type: integer + elasticsearchAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + expectedNodes: + format: int32 + type: integer + health: + type: string + kibanaAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -1207,35 +2366,20 @@ status: storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' - helm.sh/chart: 'eck-operator-crds-1.6.0' + app.kubernetes.io/version: '2.1.0' + helm.sh/chart: 'eck-operator-crds-2.1.0' name: elasticmapsservers.maps.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: ElasticMapsServer version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: maps.k8s.elastic.co names: categories: @@ -1247,485 +2391,550 @@ spec: - ems singular: elasticmapsserver scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ElasticMapsServer represents an Elastic Map Server resource in - a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MapsSpec holds the specification of an Elastic Maps Server - instance. - properties: - config: - description: 'Config holds the ElasticMapsServer configuration. See: - https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration' - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Elastic Maps Server configuration. Configuration - settings are merged and have precedence over settings specified in - `config`. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - count: - description: Count of Elastic Maps Server instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Elastic Maps - Server. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: ElasticMapsServer version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ElasticMapsServer represents an Elastic Map Server resource in + a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MapsSpec holds the specification of an Elastic Maps Server + instance. + properties: + config: + description: 'Config holds the ElasticMapsServer configuration. See: + https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration' + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Elastic Maps Server configuration. Configuration + settings are merged and have precedence over settings specified + in `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Elastic Maps Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Elastic Maps + Server. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' format: int32 type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Elastic Maps Server Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Elastic Maps - Server pods - type: object - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Elastic Maps Server. - type: string - required: - - version - type: object - status: - description: MapsStatus defines the observed state of Elastic Maps Server - properties: - associationStatus: - description: AssociationStatus is the status of an association resource. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1alpha1 - versions: - - name: v1alpha1 + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Elastic Maps Server Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Elastic Maps + Server pods + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Elastic Maps Server. + type: string + required: + - version + type: object + status: + description: MapsStatus defines the observed state of Elastic Maps Server + properties: + associationStatus: + description: AssociationStatus is the status of an association resource. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} status: acceptedNames: kind: "" @@ -1734,38 +2943,20 @@ status: storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' - helm.sh/chart: 'eck-operator-crds-1.6.0' + app.kubernetes.io/version: '2.1.0' + helm.sh/chart: 'eck-operator-crds-2.1.0' name: elasticsearches.elasticsearch.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: Elasticsearch version - name: version - type: string - - JSONPath: .status.phase - name: phase - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: elasticsearch.k8s.elastic.co names: categories: @@ -1777,1256 +2968,2743 @@ spec: - es singular: elasticsearch scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Elasticsearch represents an Elasticsearch resource in a Kubernetes - cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ElasticsearchSpec holds the specification of an Elasticsearch - cluster. - properties: - auth: - description: Auth contains user authentication and authorization security - settings for Elasticsearch. - properties: - fileRealm: - description: FileRealm to propagate to the Elasticsearch cluster. - items: - description: FileRealmSource references users to create in the - Elasticsearch cluster. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - type: array - roles: - description: Roles to propagate to the Elasticsearch cluster. - items: - description: RoleSource references roles to create in the Elasticsearch - cluster. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - type: array - type: object - http: - description: HTTP holds HTTP layer settings for Elasticsearch. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port - type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Elasticsearch version + jsonPath: .status.version + name: version + type: string + - jsonPath: .status.phase + name: phase + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Elasticsearch represents an Elasticsearch resource in a Kubernetes + cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ElasticsearchSpec holds the specification of an Elasticsearch + cluster. + properties: + auth: + description: Auth contains user authentication and authorization security + settings for Elasticsearch. + properties: + fileRealm: + description: FileRealm to propagate to the Elasticsearch cluster. + items: + description: FileRealmSource references users to create in the + Elasticsearch cluster. properties: secretName: description: SecretName is the name of the secret. type: string type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Elasticsearch Docker image to deploy. - type: string - nodeSets: - description: NodeSets allow specifying groups of Elasticsearch nodes - sharing the same configuration and Pod templates. - items: - description: NodeSet is the specification for a group of Elasticsearch - nodes sharing the same configuration and a Pod template. - properties: - config: - description: Config holds the Elasticsearch configuration. - type: object - count: - description: Count of Elasticsearch nodes to deploy. If the node - set is managed by an autoscaling policy the initial value is - automatically set by the autoscaling controller. - format: int32 - type: integer - name: - description: Name of this set of nodes. Becomes a part of the - Elasticsearch node.name setting. - maxLength: 23 - pattern: '[a-zA-Z0-9-]+' - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, - annotations, affinity rules, resource requests, and so on) for - the Pods belonging to this NodeSet. - type: object - volumeClaimTemplates: - description: VolumeClaimTemplates is a list of persistent volume - claims to be used by each Pod in this NodeSet. Every claim in - this list must have a matching volumeMount in one of the containers - defined in the PodTemplate. Items defined here take precedence - over any default claims added by the operator with the same - name. + type: array + roles: + description: Roles to propagate to the Elasticsearch cluster. items: - description: PersistentVolumeClaim is a user's request for and - claim to a persistent volume + description: RoleSource references roles to create in the Elasticsearch + cluster. properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + secretName: + description: SecretName is the name of the secret. type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) * An existing - custom resource that implements data population (Alpha) - In order to use custom resource types that implement - data population, the AnyVolumeDataSource feature gate - must be enabled. If the provisioner or an external - controller can support the specified data source, - it will create a new volume based on the contents - of the specified data source.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - resources: - description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - selector: - description: A label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is implied - when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'AccessModes contains the actual access - modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: Represents the actual resources of the - underlying volume. - type: object - conditions: - description: Current Condition of persistent volume - claim. If underlying persistent volume is being resized - then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails - details about state of pvc - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating - details about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason - for condition's last transition. If it reports - "ResizeStarted" that means the underlying persistent - volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - type: object type: object type: array - required: - - name type: object - minItems: 1 - type: array - podDisruptionBudget: - description: PodDisruptionBudget provides access to the default pod - disruption budget for the Elasticsearch cluster. The default budget - selects all cluster pods and sets `maxUnavailable` to 1. To disable, - set `PodDisruptionBudget` to the empty value (`{}` in YAML). - properties: - metadata: - description: ObjectMeta is the metadata of the PDB. The name and - namespace provided here are managed by ECK and will be ignored. - type: object - spec: - description: Spec is the specification of the PDB. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the eviction, - i.e. even in absence of the evicted pod. For example, one - can prevent all voluntary evictions by specifying 0. This - is a mutually exclusive setting with "minAvailable". - minAvailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after - the eviction, i.e. even in the absence of the evicted pod. So - for example you can prevent all voluntary evictions by specifying - "100%". - selector: - description: Label query over pods whose evictions are managed - by the disruption budget. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + http: + description: HTTP holds HTTP layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Elasticsearch Docker image to deploy. + type: string + monitoring: + description: Monitoring enables you to collect and ship log and monitoring + data of this Elasticsearch cluster. See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html. + Metricbeat and Filebeat are deployed in the same Pod as sidecars + and each one sends data to one or two different Elasticsearch monitoring + clusters running in the same Kubernetes cluster. + properties: + logs: + description: Logs holds references to Elasticsearch clusters which + receive log data from this Elasticsearch cluster. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + type: array + type: object + metrics: + description: Metrics holds references to Elasticsearch clusters + which receive monitoring data from this Elasticsearch cluster. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + type: array + type: object + type: object + nodeSets: + description: NodeSets allow specifying groups of Elasticsearch nodes + sharing the same configuration and Pod templates. + items: + description: NodeSet is the specification for a group of Elasticsearch + nodes sharing the same configuration and a Pod template. + properties: + config: + description: Config holds the Elasticsearch configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of Elasticsearch nodes to deploy. If the + node set is managed by an autoscaling policy the initial value + is automatically set by the autoscaling controller. + format: int32 + type: integer + name: + description: Name of this set of nodes. Becomes a part of the + Elasticsearch node.name setting. + maxLength: 23 + pattern: '[a-zA-Z0-9-]+' + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, + annotations, affinity rules, resource requests, and so on) + for the Pods belonging to this NodeSet. + type: object + x-kubernetes-preserve-unknown-fields: true + volumeClaimTemplates: + description: VolumeClaimTemplates is a list of persistent volume + claims to be used by each Pod in this NodeSet. Every claim + in this list must have a matching volumeMount in one of the + containers defined in the PodTemplate. Items defined here + take precedence over any default claims added by the operator + with the same name. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: items: type: string type: array - required: - - key - - operator + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object + spec: + description: 'Spec defines the desired characteristics + of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. If the AnyVolumeDataSource feature gate + is enabled, this field will always have the same + contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate + the volume with data, if a non-empty volume is desired. + This may be any local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the DataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value + automatically if one of them is empty and the other + is non-empty. There are two important differences + between DataSource and DataSourceRef: * While DataSource + only allows two specific types of objects, DataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed values + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. (Alpha) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access + modes the volume backing the PVC has. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the + underlying volume. + type: object + conditions: + description: Current Condition of persistent volume + claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails + details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating + details about last transition. + type: string + reason: + description: Unique, this should be a short, + machine understandable string that gives the + reason for condition's last transition. If + it reports "ResizeStarted" that means the + underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of + PersistentVolumeClaim. + type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string + type: object + type: object + type: array + required: + - name type: object - type: object - remoteClusters: - description: RemoteClusters enables you to establish uni-directional - connections to a remote Elasticsearch cluster. - items: - description: RemoteCluster declares a remote Elasticsearch cluster - connection. + minItems: 1 + type: array + podDisruptionBudget: + description: PodDisruptionBudget provides access to the default pod + disruption budget for the Elasticsearch cluster. The default budget + selects all cluster pods and sets `maxUnavailable` to 1. To disable, + set `PodDisruptionBudget` to the empty value (`{}` in YAML). properties: - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch - cluster running within the same k8s cluster. + metadata: + description: ObjectMeta is the metadata of the PDB. The name and + namespace provided here are managed by ECK and will be ignored. properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object name: - description: Name of the Kubernetes object. type: string namespace: - description: Namespace of the Kubernetes object. If empty, - defaults to the current namespace. type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which will be used to make requests to the referenced - object. It has to be in the same namespace as the referenced - resource. If left empty the default HTTP service of the - referenced resource will be used. - type: string - required: - - name type: object - name: - description: Name is the name of the remote cluster as it is set - in the Elasticsearch settings. The name is expected to be unique - for each remote clusters. - minLength: 1 - type: string - required: - - name + spec: + description: Spec is the specification of the PDB. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at most "maxUnavailable" + pods selected by "selector" are unavailable after the eviction, + i.e. even in absence of the evicted pod. For example, one + can prevent all voluntary evictions by specifying 0. This + is a mutually exclusive setting with "minAvailable". + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at least "minAvailable" + pods selected by "selector" will still be available after + the eviction, i.e. even in the absence of the evicted pod. So + for example you can prevent all voluntary evictions by specifying + "100%". + x-kubernetes-int-or-string: true + selector: + description: Label query over pods whose evictions are managed + by the disruption budget. A null selector selects no pods. + An empty selector ({}) also selects no pods, which differs + from standard behavior of selecting all pods. In policy/v1, + an empty selector will select all pods in the namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object type: object - type: array - secureSettings: - description: SecureSettings is a list of references to Kubernetes secrets - containing sensitive configuration options for Elasticsearch. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. - properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. + remoteClusters: + description: RemoteClusters enables you to establish uni-directional + connections to a remote Elasticsearch cluster. + items: + description: RemoteCluster declares a remote Elasticsearch cluster + connection. + properties: + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch + cluster running within the same k8s cluster. properties: - key: - description: Key is the key contained in the secret. + name: + description: Name of the Kubernetes object. type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. + namespace: + description: Namespace of the Kubernetes object. If empty, + defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced + resource. If left empty, the default HTTP service of the + referenced resource is used. type: string required: - - key + - name type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. a remote Elasticsearch cluster) in a different - namespace. Can only be used if ECK is enforcing RBAC on references. - type: string - transport: - description: Transport holds transport layer settings for Elasticsearch. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. + name: + description: Name is the name of the remote cluster as it is + set in the Elasticsearch settings. The name is expected to + be unique for each remote clusters. + minLength: 1 + type: string + required: + - name + type: object + type: array + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for Elasticsearch. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. a remote Elasticsearch cluster) in a + different namespace. Can only be used if ECK is enforcing RBAC on + references. + type: string + transport: + description: Transport holds transport layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' format: int32 type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS on the transport - layer. + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS on the transport + layer. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the CA certificate and private key for generating + node certificates. The referenced secret should contain + the following: \n - `ca.crt`: The CA certificate in PEM + format. - `ca.key`: The private key for the CA certificate + in PEM format." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + otherNameSuffix: + description: 'OtherNameSuffix when defined will be prefixed + with the Pod name and used as the common name, and the first + DNSName, as well as an OtherName required by Elasticsearch + in the Subject Alternative Name extension of each Elasticsearch + node''s transport TLS certificate. Example: if set to "node.cluster.local", + the generated certificate will have its otherName set to + ".node.cluster.local".' + type: string + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to + include in the generated node transport TLS certificates. + items: + description: SubjectAlternativeName represents a SAN entry + in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + updateStrategy: + description: UpdateStrategy specifies how updates to the cluster should + be performed. + properties: + changeBudget: + description: ChangeBudget defines the constraints to consider + when applying changes to the Elasticsearch cluster. + properties: + maxSurge: + description: MaxSurge is the maximum number of new pods that + can be created exceeding the original number of pods defined + in the specification. MaxSurge is only taken into consideration + when scaling up. Setting a negative value will disable the + restriction. Defaults to unbounded if not specified. + format: int32 + type: integer + maxUnavailable: + description: MaxUnavailable is the maximum number of pods + that can be unavailable (not ready) during the update due + to circumstances under the control of the operator. Setting + a negative value will disable this restriction. Defaults + to 1 if not specified. + format: int32 + type: integer + type: object + type: object + version: + description: Version of Elasticsearch. + type: string + volumeClaimDeletePolicy: + description: VolumeClaimDeletePolicy sets the policy for handling + deletion of PersistentVolumeClaims for all NodeSets. Possible values + are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. + Defaults to DeleteOnScaledownAndClusterDeletion. + enum: + - DeleteOnScaledownOnly + - DeleteOnScaledownAndClusterDeletion + type: string + required: + - nodeSets + - version + type: object + status: + description: ElasticsearchStatus represents the observed state of Elasticsearch. + properties: + availableNodes: + description: AvailableNodes is the number of available instances. + format: int32 + type: integer + conditions: + description: Conditions holds the current service state of an Elasticsearch + cluster. **This API is in technical preview and may be changed or + removed in a future release.** + items: + description: Condition represents Elasticsearch resource's condition. + **This API is in technical preview and may be changed or removed + in a future release.** properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the CA certificate and private key for generating - node certificates. The referenced secret should contain the - following: \n - `tls.crt`: The CA certificate in PEM format. - - `tls.key`: The private key for the CA certificate in PEM - format." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + type: + description: ConditionType defines the condition of an Elasticsearch + resource. + type: string + required: + - status + - type type: object - type: object - updateStrategy: - description: UpdateStrategy specifies how updates to the cluster should - be performed. - properties: - changeBudget: - description: ChangeBudget defines the constraints to consider when - applying changes to the Elasticsearch cluster. - properties: - maxSurge: - description: MaxSurge is the maximum number of new pods that - can be created exceeding the original number of pods defined - in the specification. MaxSurge is only taken into consideration - when scaling up. Setting a negative value will disable the - restriction. Defaults to unbounded if not specified. - format: int32 - type: integer - maxUnavailable: - description: MaxUnavailable is the maximum number of pods that - can be unavailable (not ready) during the update due to circumstances - under the control of the operator. Setting a negative value - will disable this restriction. Defaults to 1 if not specified. - format: int32 - type: integer - type: object - type: object - version: - description: Version of Elasticsearch. - type: string - volumeClaimDeletePolicy: - description: VolumeClaimDeletePolicy sets the policy for handling deletion - of PersistentVolumeClaims for all NodeSets. Possible values are DeleteOnScaledownOnly - and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion. - enum: - - DeleteOnScaledownOnly - - DeleteOnScaledownAndClusterDeletion - type: string - required: - - nodeSets - - version - type: object - status: - description: ElasticsearchStatus defines the observed state of Elasticsearch - properties: - availableNodes: - description: AvailableNodes is the number of available instances. - format: int32 - type: integer - health: - description: ElasticsearchHealth is the health of the cluster as returned - by the health API. - type: string - phase: - description: ElasticsearchOrchestrationPhase is the phase Elasticsearch - is in from the controller point of view. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 + type: array + health: + description: ElasticsearchHealth is the health of the cluster as returned + by the health API. + type: string + inProgressOperations: + description: InProgressOperations represents changes being applied + by the operator to the Elasticsearch cluster. **This API is in technical + preview and may be changed or removed in a future release.** + properties: + downscale: + description: DownscaleOperation provides details about in progress + downscale operations. **This API is in technical preview and + may be changed or removed in a future release.** + properties: + lastUpdatedTime: + format: date-time + type: string + nodes: + description: Nodes which are scheduled to be removed from + the cluster. + items: + description: DownscaledNode provides an overview of in progress + changes applied by the operator to remove Elasticsearch + nodes from the cluster. **This API is in technical preview + and may be changed or removed in a future release.** + properties: + explanation: + description: Explanation provides details about an in + progress node shutdown. It is only available for clusters + managed with the Elasticsearch shutdown API. + type: string + name: + description: Name of the Elasticsearch node that should + be removed. + type: string + shutdownStatus: + description: Shutdown status as returned by the Elasticsearch + shutdown API. If the Elasticsearch shutdown API is + not available, the shutdown status is then inferred + from the remaining shards on the nodes, as observed + by the operator. + type: string + required: + - name + - shutdownStatus + type: object + type: array + stalled: + description: Stalled represents a state where no progress + can be made. It is only available for clusters managed with + the Elasticsearch shutdown API. + type: boolean + required: + - nodes + type: object + upgrade: + description: UpgradeOperation provides an overview of the pending + or in progress changes applied by the operator to update the + Elasticsearch nodes in the cluster. **This API is in technical + preview and may be changed or removed in a future release.** + properties: + lastUpdatedTime: + format: date-time + type: string + nodes: + description: Nodes that must be restarted for upgrade. + items: + description: UpgradedNode provides details about the status + of nodes which are expected to be updated. **This API + is in technical preview and may be changed or removed + in a future release.** + properties: + message: + description: Optional message to explain why a node + may not be immediately restarted for upgrade. + type: string + name: + description: Name of the Elasticsearch node that should + be upgraded. + type: string + predicate: + description: Predicate is the name of the predicate + currently preventing this node from being deleted + for an upgrade. + type: string + status: + description: Status states if the node is either in + the process of being deleted for an upgrade, or blocked + by a predicate or another condition stated in the + message field. + type: string + required: + - name + - status + type: object + type: array + required: + - nodes + type: object + upscale: + description: UpscaleOperation provides an overview of in progress + changes applied by the operator to add Elasticsearch nodes to + the cluster. **This API is in technical preview and may be changed + or removed in a future release.** + properties: + lastUpdatedTime: + format: date-time + type: string + nodes: + description: Nodes expected to be added by the operator. + items: + properties: + message: + description: Optional message to explain why a node + may not be immediately added. + type: string + name: + description: Name of the Elasticsearch node that should + be added to the cluster. + type: string + status: + description: NewNodeStatus states if a new node is being + created, or if the upscale is delayed. + type: string + required: + - name + - status + type: object + type: array + required: + - nodes + type: object + required: + - downscale + - upgrade + - upscale + type: object + monitoringAssociationStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: AssociationStatusMap is the map of association's namespaced + name string to its AssociationStatus. For resources that have a + single Association of a given type (for ex. single ES reference), + this map contains a single entry. + type: object + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this Elasticsearch cluster. It corresponds to the metadata generation, + which is updated on mutation by the API Server. If the generation + observed in status diverges from the generation in metadata, the + Elasticsearch controller has not yet processed the changes contained + in the Elasticsearch specification. + format: int64 + type: integer + phase: + description: ElasticsearchOrchestrationPhase is the phase Elasticsearch + is in from the controller point of view. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true - - name: v1beta1 + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Elasticsearch version + jsonPath: .spec.version + name: version + type: string + - jsonPath: .status.phase + name: phase + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Elasticsearch represents an Elasticsearch resource in a Kubernetes + cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ElasticsearchSpec holds the specification of an Elasticsearch + cluster. + properties: + http: + description: HTTP holds HTTP layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Elasticsearch Docker image to deploy. + type: string + nodeSets: + description: NodeSets allow specifying groups of Elasticsearch nodes + sharing the same configuration and Pod templates. + items: + description: NodeSet is the specification for a group of Elasticsearch + nodes sharing the same configuration and a Pod template. + properties: + config: + description: Config holds the Elasticsearch configuration. + type: object + count: + description: Count of Elasticsearch nodes to deploy. + format: int32 + minimum: 1 + type: integer + name: + description: Name of this set of nodes. Becomes a part of the + Elasticsearch node.name setting. + maxLength: 23 + pattern: '[a-zA-Z0-9-]+' + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, + annotations, affinity rules, resource requests, and so on) + for the Pods belonging to this NodeSet. + type: object + volumeClaimTemplates: + description: VolumeClaimTemplates is a list of persistent volume + claims to be used by each Pod in this NodeSet. Every claim + in this list must have a matching volumeMount in one of the + containers defined in the PodTemplate. Items defined here + take precedence over any default claims added by the operator + with the same name. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'Spec defines the desired characteristics + of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. If the AnyVolumeDataSource feature gate + is enabled, this field will always have the same + contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate + the volume with data, if a non-empty volume is desired. + This may be any local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the DataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value + automatically if one of them is empty and the other + is non-empty. There are two important differences + between DataSource and DataSourceRef: * While DataSource + only allows two specific types of objects, DataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed values + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. (Alpha) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access + modes the volume backing the PVC has. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the + underlying volume. + type: object + conditions: + description: Current Condition of persistent volume + claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails + details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating + details about last transition. + type: string + reason: + description: Unique, this should be a short, + machine understandable string that gives the + reason for condition's last transition. If + it reports "ResizeStarted" that means the + underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of + PersistentVolumeClaim. + type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string + type: object + type: object + type: array + required: + - count + - name + type: object + minItems: 1 + type: array + podDisruptionBudget: + description: PodDisruptionBudget provides access to the default pod + disruption budget for the Elasticsearch cluster. The default budget + selects all cluster pods and sets `maxUnavailable` to 1. To disable, + set `PodDisruptionBudget` to the empty value (`{}` in YAML). + properties: + metadata: + description: ObjectMeta is the metadata of the PDB. The name and + namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the PDB. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at most "maxUnavailable" + pods selected by "selector" are unavailable after the eviction, + i.e. even in absence of the evicted pod. For example, one + can prevent all voluntary evictions by specifying 0. This + is a mutually exclusive setting with "minAvailable". + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at least "minAvailable" + pods selected by "selector" will still be available after + the eviction, i.e. even in the absence of the evicted pod. So + for example you can prevent all voluntary evictions by specifying + "100%". + x-kubernetes-int-or-string: true + selector: + description: Label query over pods whose evictions are managed + by the disruption budget. A null selector selects no pods. + An empty selector ({}) also selects no pods, which differs + from standard behavior of selecting all pods. In policy/v1, + an empty selector will select all pods in the namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + type: object + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for Elasticsearch. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + updateStrategy: + description: UpdateStrategy specifies how updates to the cluster should + be performed. + properties: + changeBudget: + description: ChangeBudget defines the constraints to consider + when applying changes to the Elasticsearch cluster. + properties: + maxSurge: + description: MaxSurge is the maximum number of new pods that + can be created exceeding the original number of pods defined + in the specification. MaxSurge is only taken into consideration + when scaling up. Setting a negative value will disable the + restriction. Defaults to unbounded if not specified. + format: int32 + type: integer + maxUnavailable: + description: MaxUnavailable is the maximum number of pods + that can be unavailable (not ready) during the update due + to circumstances under the control of the operator. Setting + a negative value will disable this restriction. Defaults + to 1 if not specified. + format: int32 + type: integer + type: object + type: object + version: + description: Version of Elasticsearch. + type: string + required: + - nodeSets + type: object + status: + description: ElasticsearchStatus defines the observed state of Elasticsearch + properties: + availableNodes: + format: int32 + type: integer + health: + description: ElasticsearchHealth is the health of the cluster as returned + by the health API. + type: string + phase: + description: ElasticsearchOrchestrationPhase is the phase Elasticsearch + is in from the controller point of view. + type: string + type: object + type: object served: true storage: false + subresources: + status: {} - name: v1alpha1 + schema: + openAPIV3Schema: + description: to not break compatibility when upgrading from previous versions + of the CRD + type: object served: false storage: false status: @@ -3037,35 +5715,20 @@ status: storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' - helm.sh/chart: 'eck-operator-crds-1.6.0' + app.kubernetes.io/version: '2.1.0' + helm.sh/chart: 'eck-operator-crds-2.1.0' name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: Enterprise Search version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: enterprisesearch.k8s.elastic.co names: categories: @@ -3077,489 +5740,1093 @@ spec: - ent singular: enterprisesearch scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: EnterpriseSearchSpec holds the specification of an Enterprise - Search resource. - properties: - config: - description: Config holds the Enterprise Search configuration. - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Enterprise Search configuration. Configuration - settings are merged and have precedence over settings specified in - `config`. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - count: - description: Count of Enterprise Search instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Enterprise - Search resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Enterprise Search version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise + Search. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnterpriseSearchSpec holds the specification of an Enterprise + Search resource. + properties: + config: + description: Config holds the Enterprise Search configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Enterprise Search configuration. Configuration + settings are merged and have precedence over settings specified + in `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Enterprise Search instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the Elasticsearch + cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Enterprise + Search resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' format: int32 type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Enterprise Search Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Enterprise Search - pods. - type: object - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Enterprise Search. - type: string - type: object - status: - description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch - properties: - associationStatus: - description: Association is the status of any auto-linking to Elasticsearch - clusters. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - service: - description: ExternalService is the name of the service associated to - the Enterprise Search Pods. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Enterprise Search Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Enterprise + Search pods. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Enterprise Search. + type: string + type: object + status: + description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch + clusters. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + service: + description: ExternalService is the name of the service associated + to the Enterprise Search Pods. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true - - name: v1beta1 + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Enterprise Search version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise + Search. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnterpriseSearchSpec holds the specification of an Enterprise + Search resource. + properties: + config: + description: Config holds the Enterprise Search configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Enterprise Search configuration. Configuration + settings are merged and have precedence over settings specified + in `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Enterprise Search instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the Elasticsearch + cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Enterprise + Search resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Enterprise Search Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Enterprise + Search pods. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Enterprise Search. + type: string + type: object + status: + description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch + clusters. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + service: + description: ExternalService is the name of the service associated + to the Enterprise Search Pods. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: false + subresources: + status: {} status: acceptedNames: kind: "" @@ -3568,35 +6835,20 @@ status: storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' - helm.sh/chart: 'eck-operator-crds-1.6.0' + app.kubernetes.io/version: '2.1.0' + helm.sh/chart: 'eck-operator-crds-2.1.0' name: kibanas.kibana.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: Kibana version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: kibana.k8s.elastic.co names: categories: @@ -3608,510 +6860,1230 @@ spec: - kb singular: kibana scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Kibana represents a Kibana resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KibanaSpec holds the specification of a Kibana instance. - properties: - config: - description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' - type: object - count: - description: Count of Kibana instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Kibana. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port - type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Kibana Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Kibana pods - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes secrets - containing sensitive configuration options for Kibana. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Kibana version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Kibana represents a Kibana resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KibanaSpec holds the specification of a Kibana instance. + properties: + config: + description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of Kibana instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. type: string required: - - secretName + - name type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Kibana. - type: string - required: - - version - type: object - status: - description: KibanaStatus defines the observed state of Kibana - properties: - associationStatus: - description: AssociationStatus is the status of an association resource. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 + enterpriseSearchRef: + description: EnterpriseSearchRef is a reference to an EnterpriseSearch + running in the same Kubernetes cluster. Kibana provides the default + Enterprise Search UI starting version 7.14. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Kibana. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Kibana Docker image to deploy. + type: string + monitoring: + description: Monitoring enables you to collect and ship log and monitoring + data of this Kibana. See https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html. + Metricbeat and Filebeat are deployed in the same Pod as sidecars + and each one sends data to one or two different Elasticsearch monitoring + clusters running in the same Kubernetes cluster. + properties: + logs: + description: Logs holds references to Elasticsearch clusters which + will receive log data from this Kibana. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + type: array + type: object + metrics: + description: Metrics holds references to Elasticsearch clusters + which will receive monitoring data from this Kibana. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + type: array + type: object + type: object + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Kibana pods + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for Kibana. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Kibana. + type: string + required: + - version + type: object + status: + description: KibanaStatus defines the observed state of Kibana + properties: + associationStatus: + description: AssociationStatus is the status of any auto-linking to + Elasticsearch clusters. This field is deprecated and will be removed + in a future release. Use ElasticsearchAssociationStatus instead. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + elasticsearchAssociationStatus: + description: ElasticsearchAssociationStatus is the status of any auto-linking + to Elasticsearch clusters. + type: string + enterpriseSearchAssociationStatus: + description: EnterpriseSearchAssociationStatus is the status of any + auto-linking to Enterprise Search. + type: string + health: + description: Health of the deployment. + type: string + monitoringAssociationStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: MonitoringAssociationStatus is the status of any auto-linking + to monitoring Elasticsearch clusters. + type: object + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this Kibana instance. It corresponds to the metadata generation, + which is updated on mutation by the API Server. If the generation + observed in status diverges from the generation in metadata, the + Kibana controller has not yet processed the changes contained in + the Kibana specification. + format: int64 + type: integer + selector: + description: Selector is the label selector used to find all pods. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true - - name: v1beta1 + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Kibana version + jsonPath: .spec.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Kibana represents a Kibana resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KibanaSpec holds the specification of a Kibana instance. + properties: + config: + description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of Kibana instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Kibana. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Kibana Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Kibana pods + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for Kibana. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + version: + description: Version of Kibana. + type: string + type: object + status: + description: KibanaStatus defines the observed state of Kibana + properties: + associationStatus: + description: AssociationStatus is the status of an association resource. + type: string + availableNodes: + format: int32 + type: integer + health: + description: KibanaHealth expresses the status of the Kibana instances. + type: string + type: object + type: object served: true storage: false + subresources: + status: {} - name: v1alpha1 + schema: + openAPIV3Schema: + description: to not break compatibility when upgrading from previous versions + of the CRD + type: object served: false storage: false status: diff --git a/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl b/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl index 25b20ed..a47c2c4 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl +++ b/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl @@ -48,7 +48,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} Selector labels */}} {{- define "eck-operator.selectorLabels" -}} -{{- if .Values.internal.manifestGen }} +{{- if .Values.global.manifestGen }} control-plane: elastic-operator {{- else }} app.kubernetes.io/name: {{ include "eck-operator.name" . }} @@ -71,8 +71,8 @@ Create the name of the service account to use Determine effective Kubernetes version */}} {{- define "eck-operator.effectiveKubeVersion" -}} -{{- if .Values.internal.manifestGen -}} -{{- semver .Values.internal.kubeVersion -}} +{{- if .Values.global.manifestGen -}} +{{- semver .Values.global.kubeVersion -}} {{- else -}} {{- .Capabilities.KubeVersion.Version -}} {{- end -}} @@ -82,7 +82,7 @@ Determine effective Kubernetes version Determine the name for the webhook */}} {{- define "eck-operator.webhookName" -}} -{{- if .Values.internal.manifestGen -}} +{{- if .Values.global.manifestGen -}} elastic-webhook.k8s.elastic.co {{- else -}} {{- $name := include "eck-operator.name" . -}} @@ -94,7 +94,7 @@ elastic-webhook.k8s.elastic.co Determine the name for the webhook secret */}} {{- define "eck-operator.webhookSecretName" -}} -{{- if .Values.internal.manifestGen -}} +{{- if .Values.global.manifestGen -}} elastic-webhook-server-cert {{- else -}} {{- $name := include "eck-operator.name" . -}} @@ -106,7 +106,7 @@ elastic-webhook-server-cert Determine the name for the webhook service */}} {{- define "eck-operator.webhookServiceName" -}} -{{- if .Values.internal.manifestGen -}} +{{- if .Values.global.manifestGen -}} elastic-webhook-server {{- else -}} {{- $name := include "eck-operator.name" . -}} @@ -114,56 +114,10 @@ elastic-webhook-server {{- end -}} {{- end -}} -{{/* -Add the webhook sideEffects field on supported Kubernetes versions -*/}} -{{- define "eck-operator.webhookSideEffects" -}} -{{- $kubeVersion := (include "eck-operator.effectiveKubeVersion" .) -}} -{{- $kubeVersionSupported := semverCompare ">=1.13.0-0" $kubeVersion -}} -{{- if $kubeVersionSupported }} -sideEffects: "None" -{{- end }} -{{- end }} - -{{/* -Use v1 of ValidatingWebhookConfiguration on supported Kubernetes versions -*/}} -{{- define "eck-operator.webhookAPIVersion" -}} -{{- $kubeVersion := (include "eck-operator.effectiveKubeVersion" .) -}} -{{- $kubeVersionSupported := semverCompare ">=1.16.0-0" $kubeVersion -}} -{{- if $kubeVersionSupported -}} -admissionregistration.k8s.io/v1 -{{- else -}} -admissionregistration.k8s.io/v1beta1 -{{- end -}} -{{- end }} - - -{{/* -Define admissionReviewVersions based on Kubernetes version -*/}} -{{- define "eck-operator.webhookAdmissionReviewVersions" -}} -{{- $kubeVersion := (include "eck-operator.effectiveKubeVersion" .) -}} -{{- $kubeVersionSupported := semverCompare ">=1.16.0-0" $kubeVersion -}} -{{- if $kubeVersionSupported }} -admissionReviewVersions: [v1beta1] -{{- end }} -{{- end }} - - -{{/* -Define webhook match policy based on Kubernetes version -*/}} -{{- define "eck-operator.webhookMatchPolicy" -}} -{{- $kubeVersion := (include "eck-operator.effectiveKubeVersion" .) -}} -{{- $kubeVersionSupported := semverCompare ">=1.16.0-0" $kubeVersion -}} -{{- if $kubeVersionSupported }} -matchPolicy: Exact -{{- end }} -{{- end }} - {{/* RBAC permissions +NOTE - any changes made to RBAC permissions below require +updating docs/operating-eck/eck-permissions.asciidoc file. */}} {{- define "eck-operator.rbacRules" -}} - apiGroups: @@ -175,14 +129,20 @@ RBAC permissions - apiGroups: - "" resources: - - pods - endpoints + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods - events - persistentvolumeclaims - secrets - services - configmaps - - serviceaccounts verbs: - get - list @@ -223,8 +183,6 @@ RBAC permissions - elasticsearches - elasticsearches/status - elasticsearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP - - enterpriselicenses - - enterpriselicenses/status verbs: - get - list @@ -232,7 +190,6 @@ RBAC permissions - create - update - patch - - delete - apiGroups: - kibana.k8s.elastic.co resources: @@ -246,7 +203,6 @@ RBAC permissions - create - update - patch - - delete - apiGroups: - apm.k8s.elastic.co resources: @@ -260,7 +216,6 @@ RBAC permissions - create - update - patch - - delete - apiGroups: - enterprisesearch.k8s.elastic.co resources: @@ -274,7 +229,6 @@ RBAC permissions - create - update - patch - - delete - apiGroups: - beat.k8s.elastic.co resources: @@ -288,7 +242,6 @@ RBAC permissions - create - update - patch - - delete - apiGroups: - agent.k8s.elastic.co resources: @@ -302,7 +255,6 @@ RBAC permissions - create - update - patch - - delete - apiGroups: - maps.k8s.elastic.co resources: @@ -316,7 +268,6 @@ RBAC permissions - create - update - patch - - delete {{- end -}} {{/* @@ -334,7 +285,6 @@ RBAC permissions on non-namespaced resources - apiGroups: - admissionregistration.k8s.io resources: - - mutatingwebhookconfigurations - validatingwebhookconfigurations verbs: - get @@ -345,3 +295,17 @@ RBAC permissions on non-namespaced resources - patch - delete {{- end -}} + +{{/* +RBAC permissions to read node labels +*/}} +{{- define "eck-operator.readNodeLabelsRbacRule" -}} +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +{{- end -}} diff --git a/charts/kubezero-logging/charts/eck-operator/templates/cluster-roles.yaml b/charts/kubezero-logging/charts/eck-operator/templates/cluster-roles.yaml index 342792f..3c142b1 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/cluster-roles.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/cluster-roles.yaml @@ -9,6 +9,9 @@ metadata: rules: {{ template "eck-operator.rbacRules" . | toYaml | indent 2 }} {{ template "eck-operator.clusterWideRbacRules" . | toYaml | indent 2 }} +{{ if .Values.config.exposedNodeLabels }} +{{ template "eck-operator.readNodeLabelsRbacRule" . | toYaml | indent 2 }} +{{ end -}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml b/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml index 9813adc..d84de6d 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml @@ -16,10 +16,14 @@ data: ca-cert-rotate-before: {{ .Values.config.caRotateBefore }} cert-validity: {{ .Values.config.certificatesValidity }} cert-rotate-before: {{ .Values.config.certificatesRotateBefore }} + {{- if .Values.config.exposedNodeLabels }} + exposed-node-labels: [{{ join "," .Values.config.exposedNodeLabels }}] + {{- end }} set-default-security-context: {{ .Values.config.setDefaultSecurityContext }} kube-client-timeout: {{ .Values.config.kubeClientTimeout }} elasticsearch-client-timeout: {{ .Values.config.elasticsearchClientTimeout }} disable-telemetry: {{ .Values.telemetry.disabled }} + distribution-channel: {{ .Values.telemetry.distributionChannel }} {{- if .Values.telemetry.interval }} telemetry-interval: {{ .Values.telemetry.interval }} {{- end }} diff --git a/charts/kubezero-logging/charts/eck-operator/templates/operator-namespace.yaml b/charts/kubezero-logging/charts/eck-operator/templates/operator-namespace.yaml index c3841f8..07123b7 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/operator-namespace.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/operator-namespace.yaml @@ -1,4 +1,4 @@ -{{- if (and .Values.internal.manifestGen .Values.internal.createOperatorNamespace) -}} +{{- if (and .Values.global.manifestGen .Values.global.createOperatorNamespace) -}} --- apiVersion: v1 kind: Namespace diff --git a/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml b/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml index 6f60830..e40146d 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml @@ -46,7 +46,6 @@ spec: args: - "manager" - "--config=/conf/eck.yaml" - - "--distribution-channel={{ .Values.telemetry.distributionChannel }}" {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 12 }} diff --git a/charts/kubezero-logging/charts/eck-operator/templates/webhook.yaml b/charts/kubezero-logging/charts/eck-operator/templates/webhook.yaml index 58e4f70..9da3b65 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/webhook.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/webhook.yaml @@ -1,6 +1,6 @@ {{- if .Values.webhook.enabled -}} --- -apiVersion: {{ include "eck-operator.webhookAPIVersion" $ }} +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: {{ include "eck-operator.webhookName" . }} @@ -27,9 +27,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-agent-validation-v1alpha1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - agent.k8s.elastic.co @@ -56,9 +56,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-apm-validation-v1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - apm.k8s.elastic.co @@ -85,9 +85,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-apm-validation-v1beta1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - apm.k8s.elastic.co @@ -114,9 +114,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-beat-validation-v1beta1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - beat.k8s.elastic.co @@ -143,9 +143,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-ent-validation-v1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - enterprisesearch.k8s.elastic.co @@ -172,9 +172,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-ent-validation-v1beta1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - enterprisesearch.k8s.elastic.co @@ -201,9 +201,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-es-validation-v1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - elasticsearch.k8s.elastic.co @@ -230,9 +230,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-es-validation-v1beta1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - elasticsearch.k8s.elastic.co @@ -259,9 +259,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-kb-validation-v1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - kibana.k8s.elastic.co @@ -288,9 +288,9 @@ webhooks: {{- toYaml . | nindent 4 }} {{- end }} name: elastic-kb-validation-v1beta1.k8s.elastic.co -{{- include "eck-operator.webhookMatchPolicy" $ | indent 2 }} -{{- include "eck-operator.webhookAdmissionReviewVersions" $ | indent 2 }} -{{- include "eck-operator.webhookSideEffects" $ | indent 2 }} + matchPolicy: Exact + admissionReviewVersions: [v1beta1] + sideEffects: None rules: - apiGroups: - kibana.k8s.elastic.co diff --git a/charts/kubezero-logging/charts/eck-operator/values.yaml b/charts/kubezero-logging/charts/eck-operator/values.yaml index 8091d6d..a708632 100644 --- a/charts/kubezero-logging/charts/eck-operator/values.yaml +++ b/charts/kubezero-logging/charts/eck-operator/values.yaml @@ -32,7 +32,7 @@ imagePullSecrets: [] resources: limits: cpu: 1 - memory: 512Mi + memory: 1Gi requests: cpu: 100m memory: 150Mi @@ -122,7 +122,7 @@ kubeAPIServerIP: null telemetry: # disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume. disabled: false - # distibutionChannel denotes which distribution channel was used to install the operator. + # distributionChannel denotes which distribution channel was used to install the operator. distributionChannel: "helm" # config values for the operator. @@ -155,8 +155,16 @@ config: # certificatesRotateBefore defines when to rotate a certificate that is due to expire. certificatesRotateBefore: 24h + # exposedNodeLabels is an array of regular expressions of node labels which are allowed to be copied as annotations on Elasticsearch Pods. + exposedNodeLabels: [ "topology.kubernetes.io/.*", "failure-domain.beta.kubernetes.io/.*" ] + # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator. - setDefaultSecurityContext: true + # *note* that the default option now is "auto-detect" to attempt to set this properly automatically when both running + # in an openshift cluster, and a standard kubernetes cluster. Valid values are as follows: + # "auto-detect" : auto detect + # "true" : set pod security context when creating resources. + # "false" : do not set pod security context when creating resources. + setDefaultSecurityContext: "auto-detect" # kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator. kubeClientTimeout: 60s @@ -183,7 +191,7 @@ podMonitor: annotations: {} # namespace determines in which namespace the podMonitor will be deployed. - # If not set the podMonitor will be created in the namespace to release is installed into + # If not set the podMonitor will be created in the namespace where the Helm release is installed into # namespace: monitoring # interval specifies the interval at which metrics should be scraped @@ -199,8 +207,8 @@ podMonitor: podMetricsEndpointConfig: {} # honorTimestamps: true -# Internal use only -internal: +# Globals meant for internal use only +global: # manifestGen specifies whether the chart is running under manifest generator. # This is used for tasks specific to generating the all-in-one.yaml file. manifestGen: false @@ -208,4 +216,5 @@ internal: # Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests). createOperatorNamespace: true # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml. - kubeVersion: 1.12.0 + kubeVersion: 1.16.0 + diff --git a/charts/kubezero-logging/values.yaml b/charts/kubezero-logging/values.yaml index 6e6765f..41d6e78 100644 --- a/charts/kubezero-logging/values.yaml +++ b/charts/kubezero-logging/values.yaml @@ -244,7 +244,7 @@ fluent-bit: image: #repository: public.ecr.aws/zero-downtime/fluent-bit - tag: 1.9.2 + tag: 1.9.3 serviceMonitor: enabled: false diff --git a/charts/kubezero-storage/README.md b/charts/kubezero-storage/README.md index 2436d20..102bd67 100644 --- a/charts/kubezero-storage/README.md +++ b/charts/kubezero-storage/README.md @@ -18,7 +18,7 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| | aws-ebs-csi-driver | 2.6.5 | +| | aws-ebs-csi-driver | 2.6.6 | | | aws-efs-csi-driver | 2.2.3 | | | gemini | 1.0.0 | | | lvm-localpv | 0.9.0 | diff --git a/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json b/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json index 54d838a..352b269 100644 --- a/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json +++ b/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "c3c908e39a1343abbd987a8ea3cf98a7a2703385", + "version": "08407ff7600eb16c4445d5f21c4fafaf19412e24", "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "c26cc0815dfd32e84d1caba3d9bbb75f2b119937", + "version": "37f8f9d015efac5f83c3f490a52de1d686c2cdc9", "sum": "0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc=" }, { diff --git a/charts/kubezero-storage/update.sh b/charts/kubezero-storage/update.sh index 3d2d5e1..5961372 100755 --- a/charts/kubezero-storage/update.sh +++ b/charts/kubezero-storage/update.sh @@ -30,3 +30,5 @@ patch -i efs.patch -p0 --no-backup-if-mismatch # Metrics cd jsonnet make render + +helm-docs diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index 6e9972c..1889cda 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero description: KubeZero - Root App of Apps chart type: application -version: 1.22.8-3 +version: 1.22.8-4 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero/templates/_app.tpl b/charts/kubezero/templates/_app.tpl index 8f43474..c70dfe5 100644 --- a/charts/kubezero/templates/_app.tpl +++ b/charts/kubezero/templates/_app.tpl @@ -35,7 +35,9 @@ spec: syncPolicy: syncOptions: - CreateNamespace=true - {{- toYaml .Values.kubezero.syncPolicy | nindent 4 }} + {{- with .Values.kubezero.syncPolicy }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include (print $name "-argo") $ }} {{- end }} diff --git a/charts/kubezero/templates/istio-ingress.yaml b/charts/kubezero/templates/istio-ingress.yaml index adec62c..0e3a9d8 100644 --- a/charts/kubezero/templates/istio-ingress.yaml +++ b/charts/kubezero/templates/istio-ingress.yaml @@ -71,12 +71,14 @@ gateway: telemetry: enabled: {{ $.Values.metrics.enabled }} +{{- with index .Values "istio-ingress" "certificates" }} certificates: -{{- range $cert := index .Values "istio-ingress" "certificates" }} +{{- range $cert := . }} - name: {{ $cert.name }} dnsNames: {{- toYaml $cert.dnsNames | nindent 4 }} {{- end }} +{{- end }} proxyProtocol: {{ default true (index .Values "istio-ingress" "proxyProtocol") }} {{- end }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 3915e59..d969517 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -38,12 +38,16 @@ istio-ingress: chart: kubezero-istio-gateway namespace: istio-ingress targetRevision: 0.8.0 + gateway: + service: {} istio-private-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress targetRevision: 0.8.0 + gateway: + service: {} metrics: enabled: false diff --git a/releases/v1.22/README.md b/releases/v1.22/README.md index 560472d..e9f8b00 100644 --- a/releases/v1.22/README.md +++ b/releases/v1.22/README.md @@ -52,8 +52,12 @@ Wait each time for controller to join and all pods running. Might take a while ... 4. Migrate ArgoCD config for the cluster -`./migrate_argo.sh ` -Adjust as needed, eg. ensure eck-operator is enabled if needed. +```cat | ./release/v1.22/migrate_agro.py``` +Adjust as needed... + +If ECK operator is running in your cluster make sure to replace the CRDs *BEFORE* committing the new kubezero config ! +```kubectl replace -f https://download.elastic.co/downloads/eck/2.1.0/crds.yaml``` + git add / commit / push Watch ArgoCD do its work. @@ -62,5 +66,4 @@ Eg. by doubling `desired` for each worker ASG, once all new workers joined, drain old workers one by one, finally reset `desired` for each worker ASG which will terminate the old workers. -## Known issues - +## Known issues \ No newline at end of file diff --git a/releases/v1.22/kubezero.sh b/releases/v1.22/kubezero.sh index 23ad7f3..f09f4eb 100755 --- a/releases/v1.22/kubezero.sh +++ b/releases/v1.22/kubezero.sh @@ -140,13 +140,13 @@ if [ "$1" == 'upgrade' ]; then fi ### POST 1.22 specific - + # Remove all remaining kiam helm repo add uswitch https://uswitch.github.io/kiam-helm-charts/charts/ helm repo update helm template uswitch/kiam --name-template kiam --set server.prometheus.servicemonitor.enabled=true --set agent.prometheus.servicemonitor.enabled=true | kubectl delete --namespace kube-system -f - || true - + ###################### # network yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml @@ -160,9 +160,9 @@ if [ "$1" == 'upgrade' ]; then ###################### + # Could be removed with 1.23 as we now have persistent etcd # Execute cluster backup to allow new controllers to join kubectl create job backup-cluster-now --from=cronjob/kubezero-backup -n kube-system - # That might take a while as the backup pod needs the CNIs to come online etc. retry 10 30 40 kubectl wait --for=condition=complete job/backup-cluster-now -n kube-system && kubectl delete job backup-cluster-now -n kube-system @@ -192,28 +192,31 @@ elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then rm -rf ${HOSTFS}/var/lib/etcd/member else - retry 10 60 30 restic restore latest --no-lock -t / --tag $VERSION + # Todo: 1.23 + # Workaround for 1.22 as the final backup is still tagged with the previous verion from the cronjob + #retry 10 60 30 restic restore latest --no-lock -t / --tag $VERSION + retry 10 60 30 restic restore latest --no-lock -t / - # Make last etcd snapshot available - cp ${WORKDIR}/etcd_snapshot ${HOSTFS}/etc/kubernetes + # Make last etcd snapshot available + cp ${WORKDIR}/etcd_snapshot ${HOSTFS}/etc/kubernetes - # Put PKI in place - cp -r ${WORKDIR}/pki ${HOSTFS}/etc/kubernetes + # Put PKI in place + cp -r ${WORKDIR}/pki ${HOSTFS}/etc/kubernetes - # Always use kubeadm kubectl config to never run into chicken egg with custom auth hooks - cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config + # Always use kubeadm kubectl config to never run into chicken egg with custom auth hooks + cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config # etcd needs to resync during join - if [[ "$1" =~ "^(restore)$" ]]; then - # Only restore etcd data set if none exists already - if [ ! -d ${HOSTFS}/var/lib/etcd/member ]; then - etcdctl snapshot restore ${HOSTFS}/etc/kubernetes/etcd_snapshot \ - --name $ETCD_NODENAME \ - --data-dir="${HOSTFS}/var/lib/etcd" \ - --initial-cluster-token etcd-${CLUSTERNAME} \ - --initial-advertise-peer-urls https://${ETCD_NODENAME}:2380 \ - --initial-cluster $ETCD_NODENAME=https://${ETCD_NODENAME}:2380 - fi + if [[ "$1" =~ "^(restore)$" ]]; then + # Only restore etcd data set if none exists already + if [ ! -d ${HOSTFS}/var/lib/etcd/member ]; then + etcdctl snapshot restore ${HOSTFS}/etc/kubernetes/etcd_snapshot \ + --name $ETCD_NODENAME \ + --data-dir="${HOSTFS}/var/lib/etcd" \ + --initial-cluster-token etcd-${CLUSTERNAME} \ + --initial-advertise-peer-urls https://${ETCD_NODENAME}:2380 \ + --initial-cluster $ETCD_NODENAME=https://${ETCD_NODENAME}:2380 + fi fi fi @@ -247,8 +250,8 @@ elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then # Failsafe / etcd on ephmeral: we were a member but our dataset is missing # -> remove former self so we can re-join if [ -n "$MY_ID" -a ! -d ${HOSTFS}/var/lib/etcd/member ]; then - # Remove former self first - [ -n "$MY_ID" ] && retry 12 5 5 etcdctl member remove $MY_ID --endpoints=$etcd_endpoints + # Remove former self first + [ -n "$MY_ID" ] && retry 12 5 5 etcdctl member remove $MY_ID --endpoints=$etcd_endpoints MY_ID="" fi @@ -315,7 +318,7 @@ elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then fi # install / update network and addons - if [[ "$1" =~ "^(bootstrap|join|restore)$" ]]; then + if [[ "$1" =~ "^(bootstrap)$" ]]; then # network yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml helm template $CHARTS/kubezero-network --namespace kube-system --include-crds --name-template network \ diff --git a/releases/v1.22/migrate_argo.py b/releases/v1.22/migrate_argo.py new file mode 100755 index 0000000..07cc809 --- /dev/null +++ b/releases/v1.22/migrate_argo.py @@ -0,0 +1,96 @@ +#!/usr/bin/env python3 +import sys +import argparse +import io +import ruamel.yaml + + +yaml = ruamel.yaml.YAML() +yaml.preserve_quotes = True +yaml.explicit_start = True +yaml.indent(mapping=2, sequence=4, offset=2) + + +parser = argparse.ArgumentParser(description="Update Route53 entries") +parser.add_argument( + "--version", + dest="version", + default="1.22.8-4", + action="store", + required=False, + help="Update KubeZero version", +) + +args = parser.parse_args() + +application = yaml.load(sys.stdin) + +# Set version from cmd line +if args.version: + application["spec"]["source"]["targetRevision"] = args.version + +# Extract Helm values +values = yaml.load(application["spec"]["source"]["helm"]["values"]) + +### Do your thing + +# New Istio Gateway charts +if "private" in values["istio-ingress"]: + values["istio-private-ingress"] = { + "enabled": True, + "certificates": values["istio-ingress"]["private"]["certificates"].copy() + } + + if "gateway" in values["istio-ingress"]["private"]: + values["istio-private-ingress"]["gateway"] = {} + + try: + values["istio-private-ingress"]["gateway"]["replicaCount"] = values["istio-ingress"]["private"]["gateway"]["replicaCount"] + except KeyError: + pass + + if "ports" in values["istio-ingress"]["private"]["gateway"]: + values["istio-private-ingress"]["gateway"]["service"] = {} + values["istio-private-ingress"]["gateway"]["service"]["ports"] = [] + for port in values["istio-ingress"]["private"]["gateway"]["ports"]: + if port["name"] not in ["status-port", "http2", "https"]: + values["istio-private-ingress"]["gateway"]["service"]["ports"].append(port) + + values["istio-ingress"].pop("private") + +if "public" in values["istio-ingress"]: + values["istio-ingress"]["certificates"] = values["istio-ingress"]["public"]["certificates"].copy() + + if "gateway" in values["istio-ingress"]["public"]: + values["istio-ingress"]["gateway"] = {} + + try: + values["istio-ingress"]["gateway"]["replicaCount"] = values["istio-ingress"]["public"]["gateway"]["replicaCount"] + except KeyError: + pass + + if "ports" in values["istio-ingress"]["public"]["gateway"]: + values["istio-ingress"]["gateway"]["service"] = {} + values["istio-ingress"]["gateway"]["service"]["ports"] = [] + for port in values["istio-ingress"]["public"]["gateway"]["ports"]: + if port["name"] not in ["status-port", "http2", "https"]: + values["istio-ingress"]["gateway"]["service"]["ports"].append(port) + + values["istio-ingress"].pop("public") + +if "global" in values["istio-ingress"]: + values["istio-ingress"].pop("global") + +# Remove Kiam +if "kiam" in values: + values.pop("kiam") + +### End + +# Merge new values +buffer = io.StringIO() +yaml.dump(values, buffer) +application["spec"]["source"]["helm"]["values"] = buffer.getvalue() + +# Dump final yaml +yaml.dump(application, sys.stdout) diff --git a/releases/v1.22/migrate_argo.sh b/releases/v1.22/migrate_argo.sh deleted file mode 100755 index a8e69d5..0000000 --- a/releases/v1.22/migrate_argo.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -x - -YAML=$1 - -# Convert keys -yq eval -i ' - .spec.source.targetRevision="1.22.8-2" - ' $YAML - -# Extract values -yq eval '.spec.source.helm.values' $1 > _values.yaml - - -# merge _values.yaml back -yq eval -Pi '.spec.source.helm.values |= strload("_values.yaml")' $YAML - -rm -f _values.yaml diff --git a/releases/v1.22/upgrade_cluster.sh b/releases/v1.22/upgrade_cluster.sh index 3b81fdf..3450b7f 100755 --- a/releases/v1.22/upgrade_cluster.sh +++ b/releases/v1.22/upgrade_cluster.sh @@ -2,11 +2,52 @@ VERSION="v1.22.8" -[ -n "$DEBUG" ] && DEBUG=1 +[ -n "$DEBUG" ] && set -x # unset any AWS_DEFAULT_PROFILE as it will break aws-iam-auth unset AWS_DEFAULT_PROFILE +echo "Deploying node upgrade daemonSet..." +cat <