From cac3d844ffea29529e5eefe699fdd6a66ffa1726 Mon Sep 17 00:00:00 2001 From: AWS Controllers for Kubernetes Bot <82905295+ack-bot@users.noreply.github.com> Date: Sat, 13 Apr 2024 09:42:26 -0500 Subject: [PATCH] ack-opensearchservice-controller artifacts for version 0.0.23 (#4294) Signed-off-by: ack-bot Co-authored-by: ack-bot --- .../0.0.23/bundle.Dockerfile | 21 + ...vice-controller.clusterserviceversion.yaml | 289 ++++++++++ ...rchservice-metrics-service_v1_service.yaml | 16 + ...der_rbac.authorization.k8s.io_v1_role.yaml | 14 + ...ter_rbac.authorization.k8s.io_v1_role.yaml | 26 + ...earchservice.services.k8s.aws_domains.yaml | 502 ++++++++++++++++++ .../0.0.23/metadata/annotations.yaml | 15 + .../0.0.23/tests/scorecard/config.yaml | 50 ++ 8 files changed, 933 insertions(+) create mode 100644 operators/ack-opensearchservice-controller/0.0.23/bundle.Dockerfile create mode 100644 operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-controller.clusterserviceversion.yaml create mode 100644 operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-metrics-service_v1_service.yaml create mode 100644 operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-reader_rbac.authorization.k8s.io_v1_role.yaml create mode 100644 operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-writer_rbac.authorization.k8s.io_v1_role.yaml create mode 100644 operators/ack-opensearchservice-controller/0.0.23/manifests/opensearchservice.services.k8s.aws_domains.yaml create mode 100644 operators/ack-opensearchservice-controller/0.0.23/metadata/annotations.yaml create mode 100644 operators/ack-opensearchservice-controller/0.0.23/tests/scorecard/config.yaml diff --git a/operators/ack-opensearchservice-controller/0.0.23/bundle.Dockerfile b/operators/ack-opensearchservice-controller/0.0.23/bundle.Dockerfile new file mode 100644 index 00000000000..7af9121d082 --- /dev/null +++ b/operators/ack-opensearchservice-controller/0.0.23/bundle.Dockerfile @@ -0,0 +1,21 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=ack-opensearchservice-controller +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=unknown + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-controller.clusterserviceversion.yaml b/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-controller.clusterserviceversion.yaml new file mode 100644 index 00000000000..891faf5f95f --- /dev/null +++ b/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-controller.clusterserviceversion.yaml @@ -0,0 +1,289 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "opensearchservice.services.k8s.aws/v1alpha1", + "kind": "Domain", + "metadata": { + "name": "example" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: Cloud Provider + certified: "false" + containerImage: public.ecr.aws/aws-controllers-k8s/opensearchservice-controller:0.0.23 + createdAt: "2024-03-29T18:04:23Z" + description: AWS OpenSearch Service controller is a service controller for managing + OpenSearch Service resources in Kubernetes + operatorframework.io/suggested-namespace: ack-system + operators.operatorframework.io/builder: operator-sdk-v1.28.0 + operators.operatorframework.io/project_layout: unknown + repository: https://github.com/aws-controllers-k8s + support: Community + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: ack-opensearchservice-controller.v0.0.23 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Domain represents the state of an AWS opensearchservice Domain + resource. + displayName: Domain + kind: Domain + name: domains.opensearchservice.services.k8s.aws + version: v1alpha1 + description: |- + Manage OpenSearch Service resources in AWS from within your Kubernetes cluster. + + **About Amazon OpenSearch Service** + + Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) is a managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. Amazon OpenSearch Service supports OpenSearch and legacy Elasticsearch OSS. When you create a cluster, you have the option of which search engine to use. OpenSearch Service offers broad compatibility with Elasticsearch OSS 7.10, the final open source version of the software. For information about what changed with the recent service renaming, and the actions you might need to take, see [Amazon OpenSearch Service - Summary of changes](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html). + + **About the AWS Controllers for Kubernetes** + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**. + + **Pre-Installation Steps** + + Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) + displayName: AWS Controllers for Kubernetes - Amazon OpenSearch Service + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg== + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - patch + - watch + - apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - fieldexports/status + verbs: + - get + - patch + - update + serviceAccountName: ack-opensearchservice-controller + deployments: + - label: + app.kubernetes.io/name: ack-opensearchservice-controller + app.kubernetes.io/part-of: ack-system + name: ack-opensearchservice-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ack-opensearchservice-controller + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: ack-opensearchservice-controller + spec: + containers: + - args: + - --aws-region + - $(AWS_REGION) + - --aws-endpoint-url + - $(AWS_ENDPOINT_URL) + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - $(ACK_LOG_LEVEL) + - --resource-tags + - $(ACK_RESOURCE_TAGS) + - --watch-namespace + - $(ACK_WATCH_NAMESPACE) + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - $(LEADER_ELECTION_NAMESPACE) + - --reconcile-default-max-concurrent-syncs + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) + command: + - ./bin/controller + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: ack-opensearchservice-user-config + optional: false + - secretRef: + name: ack-opensearchservice-user-secrets + optional: true + image: public.ecr.aws/aws-controllers-k8s/opensearchservice-controller:0.0.23 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + dnsPolicy: ClusterFirst + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: ack-opensearchservice-controller + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ack-opensearchservice-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - opensearchservice + - aws + - amazon + - ack + links: + - name: AWS Controllers for Kubernetes + url: https://github.com/aws-controllers-k8s/community + - name: Documentation + url: https://aws-controllers-k8s.github.io/community/ + - name: Amazon OpenSearch Service Developer Resources + url: https://aws.amazon.com/opensearch-service/resources/ + maintainers: + - email: ack-maintainers@amazon.com + name: opensearch service maintainer team + maturity: alpha + provider: + name: Amazon, Inc. + url: https://aws.amazon.com + version: 0.0.23 diff --git a/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-metrics-service_v1_service.yaml b/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..18d485852e5 --- /dev/null +++ b/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ack-opensearchservice-metrics-service +spec: + ports: + - name: metricsport + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: ack-opensearchservice-controller + type: NodePort +status: + loadBalancer: {} diff --git a/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-reader_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-reader_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..f2b11d6523f --- /dev/null +++ b/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-reader_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-opensearchservice-reader +rules: +- apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains + verbs: + - get + - list + - watch diff --git a/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-writer_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-writer_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..e7b6171bddb --- /dev/null +++ b/operators/ack-opensearchservice-controller/0.0.23/manifests/ack-opensearchservice-writer_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-opensearchservice-writer +rules: +- apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - opensearchservice.services.k8s.aws + resources: + - domains + verbs: + - get + - patch + - update diff --git a/operators/ack-opensearchservice-controller/0.0.23/manifests/opensearchservice.services.k8s.aws_domains.yaml b/operators/ack-opensearchservice-controller/0.0.23/manifests/opensearchservice.services.k8s.aws_domains.yaml new file mode 100644 index 00000000000..0dcd7596fc6 --- /dev/null +++ b/operators/ack-opensearchservice-controller/0.0.23/manifests/opensearchservice.services.k8s.aws_domains.yaml @@ -0,0 +1,502 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: domains.opensearchservice.services.k8s.aws +spec: + group: opensearchservice.services.k8s.aws + names: + kind: Domain + listKind: DomainList + plural: domains + singular: domain + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Domain is the Schema for the Domains API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DomainSpec defines the desired state of Domain. + properties: + accessPolicies: + description: IAM access policy as a JSON-formatted string. + type: string + advancedOptions: + additionalProperties: + type: string + description: |- + Option to allow references to indices in an HTTP request body. Must be false + when configuring access to individual sub-resources. By default, the value + is true. See Advanced cluster parameters (http://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomain-configure-advanced-options) + for more information. + type: object + advancedSecurityOptions: + description: Specifies advanced security options. + properties: + anonymousAuthEnabled: + type: boolean + enabled: + type: boolean + internalUserDatabaseEnabled: + type: boolean + masterUserOptions: + description: 'Credentials for the master user: username and password, + ARN, or both.' + properties: + masterUserARN: + description: |- + The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities + (http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html) in Using AWS + Identity and Access Management for more information. + type: string + masterUserName: + type: string + masterUserPassword: + description: |- + SecretKeyReference combines a k8s corev1.SecretReference with a + specific key within the referred-to Secret + properties: + key: + description: Key is the key within the secret + type: string + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + sAMLOptions: + description: The SAML application configuration for the domain. + properties: + enabled: + type: boolean + idp: + description: The SAML identity povider's information. + properties: + entityID: + type: string + metadataContent: + type: string + type: object + masterBackendRole: + type: string + masterUserName: + type: string + rolesKey: + type: string + sessionTimeoutMinutes: + format: int64 + type: integer + subjectKey: + type: string + type: object + type: object + autoTuneOptions: + description: Specifies Auto-Tune options. + properties: + desiredState: + description: The Auto-Tune desired state. Valid values are ENABLED + and DISABLED. + type: string + maintenanceSchedules: + items: + description: |- + Specifies the Auto-Tune maintenance schedule. See Auto-Tune for Amazon OpenSearch + Service (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/auto-tune.html) + for more information. + properties: + cronExpressionForRecurrence: + type: string + duration: + description: |- + The maintenance schedule duration: duration value and duration unit. See + Auto-Tune for Amazon OpenSearch Service (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/auto-tune.html) + for more information. + properties: + unit: + description: |- + The unit of a maintenance schedule duration. Valid value is HOUR. See Auto-Tune + for Amazon OpenSearch Service (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/auto-tune.html) + for more information. + type: string + value: + description: |- + Integer to specify the value of a maintenance schedule duration. See Auto-Tune + for Amazon OpenSearch Service (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/auto-tune.html) + for more information. + format: int64 + type: integer + type: object + startAt: + format: date-time + type: string + type: object + type: array + type: object + clusterConfig: + description: |- + Configuration options for a domain. Specifies the instance type and number + of instances in the domain. + properties: + coldStorageOptions: + description: Specifies the configuration for cold storage options + such as enabled + properties: + enabled: + type: boolean + type: object + dedicatedMasterCount: + format: int64 + type: integer + dedicatedMasterEnabled: + type: boolean + dedicatedMasterType: + type: string + instanceCount: + format: int64 + type: integer + instanceType: + type: string + warmCount: + format: int64 + type: integer + warmEnabled: + type: boolean + warmType: + type: string + zoneAwarenessConfig: + description: |- + The zone awareness configuration for the domain cluster, such as the number + of availability zones. + properties: + availabilityZoneCount: + format: int64 + type: integer + type: object + zoneAwarenessEnabled: + type: boolean + type: object + cognitoOptions: + description: |- + Options to specify the Cognito user and identity pools for OpenSearch Dashboards + authentication. For more information, see Configuring Amazon Cognito authentication + for OpenSearch Dashboards (http://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html). + properties: + enabled: + type: boolean + identityPoolID: + type: string + roleARN: + type: string + userPoolID: + type: string + type: object + domainEndpointOptions: + description: Options to specify configurations that will be applied + to the domain endpoint. + properties: + customEndpoint: + type: string + customEndpointCertificateARN: + description: |- + The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities + (http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html) in Using AWS + Identity and Access Management for more information. + type: string + customEndpointEnabled: + type: boolean + enforceHTTPS: + type: boolean + tlsSecurityPolicy: + type: string + type: object + ebsOptions: + description: |- + Options to enable, disable, and specify the type and size of EBS storage + volumes. + properties: + ebsEnabled: + type: boolean + iops: + format: int64 + type: integer + throughput: + format: int64 + type: integer + volumeSize: + format: int64 + type: integer + volumeType: + description: |- + The type of EBS volume, standard, gp2, gp3 or io1. See Configuring EBS-based + Storage (http://docs.aws.amazon.com/opensearch-service/latest/developerguide/opensearch-createupdatedomains.html#opensearch-createdomain-configure-ebs) + for more information. + type: string + type: object + encryptionAtRestOptions: + description: Options for encryption of data at rest. + properties: + enabled: + type: boolean + kmsKeyID: + type: string + type: object + engineVersion: + description: |- + String of format Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine + version for the Amazon OpenSearch Service domain. For example, "OpenSearch_1.0" + or "Elasticsearch_7.9". For more information, see Creating and managing Amazon + OpenSearch Service domains (http://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomains). + type: string + logPublishingOptions: + additionalProperties: + description: |- + Log Publishing option that is set for a given domain. Attributes and their + details: + * CloudWatchLogsLogGroupArn: ARN of the Cloudwatch log group to publish + logs to. + + + * Enabled: Whether the log publishing for a given log type is enabled + or not. + properties: + cloudWatchLogsLogGroupARN: + description: ARN of the Cloudwatch log group to publish logs + to. + type: string + enabled: + type: boolean + type: object + description: |- + Map of LogType and LogPublishingOption, each containing options to publish + a given type of OpenSearch log. + type: object + name: + description: |- + The name of the Amazon OpenSearch Service domain you're creating. Domain + names are unique across the domains owned by an account within an AWS region. + Domain names must start with a lowercase letter and can contain the following + characters: a-z (lowercase), 0-9, and - (hyphen). + type: string + nodeToNodeEncryptionOptions: + description: Node-to-node encryption options. + properties: + enabled: + type: boolean + type: object + tags: + description: A list of Tag added during domain creation. + items: + description: A key value pair for a resource tag. + properties: + key: + description: |- + A string of length from 1 to 128 characters that specifies the key for a + tag. Tag keys must be unique for the domain to which they're attached. + type: string + value: + description: |- + A string of length from 0 to 256 characters that specifies the value for + a tag. Tag values can be null and don't have to be unique in a tag set. + type: string + type: object + type: array + vpcOptions: + description: |- + Options to specify the subnets and security groups for a VPC endpoint. For + more information, see Launching your Amazon OpenSearch Service domains using + a VPC (http://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html). + properties: + securityGroupIDs: + items: + type: string + type: array + subnetIDs: + items: + type: string + type: array + type: object + required: + - name + type: object + status: + description: DomainStatus defines the observed state of Domain + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + changeProgressDetails: + description: Specifies change details of the domain configuration + change. + properties: + changeID: + type: string + message: + type: string + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + created: + description: |- + The domain creation status. True if the creation of a domain is complete. + False if domain creation is still in progress. + type: boolean + deleted: + description: |- + The domain deletion status. True if a delete request has been received for + the domain but resource cleanup is still in progress. False if the domain + has not been deleted. Once domain deletion is complete, the status of the + domain is no longer returned. + type: boolean + domainID: + description: The unique identifier for the specified domain. + type: string + endpoint: + description: The domain endpoint that you use to submit index and + search requests. + type: string + endpoints: + additionalProperties: + type: string + description: |- + Map containing the domain endpoints used to submit index and search requests. + Example key, value: 'vpc','vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com'. + type: object + processing: + description: |- + The status of the domain configuration. True if Amazon OpenSearch Service + is processing configuration changes. False if the configuration is active. + type: boolean + serviceSoftwareOptions: + description: The current status of the domain's service software. + properties: + automatedUpdateDate: + format: date-time + type: string + cancellable: + type: boolean + currentVersion: + type: string + description: + type: string + newVersion: + type: string + optionalDeployment: + type: boolean + updateAvailable: + type: boolean + updateStatus: + type: string + type: object + snapshotOptions: + description: The status of the SnapshotOptions. + properties: + automatedSnapshotStartHour: + format: int64 + type: integer + type: object + upgradeProcessing: + description: |- + The status of a domain version upgrade. True if Amazon OpenSearch Service + is undergoing a version upgrade. False if the configuration is active. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-opensearchservice-controller/0.0.23/metadata/annotations.yaml b/operators/ack-opensearchservice-controller/0.0.23/metadata/annotations.yaml new file mode 100644 index 00000000000..3e37339fe93 --- /dev/null +++ b/operators/ack-opensearchservice-controller/0.0.23/metadata/annotations.yaml @@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: ack-opensearchservice-controller + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: unknown + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/ack-opensearchservice-controller/0.0.23/tests/scorecard/config.yaml b/operators/ack-opensearchservice-controller/0.0.23/tests/scorecard/config.yaml new file mode 100644 index 00000000000..382ddefd156 --- /dev/null +++ b/operators/ack-opensearchservice-controller/0.0.23/tests/scorecard/config.yaml @@ -0,0 +1,50 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}