From 3f71dba149e32a541d86ed40c51ed0e5d37d4d01 Mon Sep 17 00:00:00 2001 From: AWS Controllers for Kubernetes Bot <82905295+ack-bot@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:54:16 -0800 Subject: [PATCH] operator ack-route53resolver-controller (1.0.2) --- .../1.0.2/bundle.Dockerfile | 21 ++ ...lver-controller.clusterserviceversion.yaml | 291 +++++++++++++++++ ...53resolver-metrics-service_v1_service.yaml | 16 + ...der_rbac.authorization.k8s.io_v1_role.yaml | 15 + ...ter_rbac.authorization.k8s.io_v1_role.yaml | 28 ++ ...er.services.k8s.aws_resolverendpoints.yaml | 303 ++++++++++++++++++ ...solver.services.k8s.aws_resolverrules.yaml | 268 ++++++++++++++++ .../1.0.2/metadata/annotations.yaml | 15 + .../1.0.2/tests/scorecard/config.yaml | 50 +++ 9 files changed, 1007 insertions(+) create mode 100644 operators/ack-route53resolver-controller/1.0.2/bundle.Dockerfile create mode 100644 operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-controller.clusterserviceversion.yaml create mode 100644 operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-metrics-service_v1_service.yaml create mode 100644 operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-reader_rbac.authorization.k8s.io_v1_role.yaml create mode 100644 operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-writer_rbac.authorization.k8s.io_v1_role.yaml create mode 100644 operators/ack-route53resolver-controller/1.0.2/manifests/route53resolver.services.k8s.aws_resolverendpoints.yaml create mode 100644 operators/ack-route53resolver-controller/1.0.2/manifests/route53resolver.services.k8s.aws_resolverrules.yaml create mode 100644 operators/ack-route53resolver-controller/1.0.2/metadata/annotations.yaml create mode 100644 operators/ack-route53resolver-controller/1.0.2/tests/scorecard/config.yaml diff --git a/operators/ack-route53resolver-controller/1.0.2/bundle.Dockerfile b/operators/ack-route53resolver-controller/1.0.2/bundle.Dockerfile new file mode 100644 index 00000000000..15d791c3ff5 --- /dev/null +++ b/operators/ack-route53resolver-controller/1.0.2/bundle.Dockerfile @@ -0,0 +1,21 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=ack-route53resolver-controller +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=unknown + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-controller.clusterserviceversion.yaml b/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-controller.clusterserviceversion.yaml new file mode 100644 index 00000000000..440e602f3fe --- /dev/null +++ b/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-controller.clusterserviceversion.yaml @@ -0,0 +1,291 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "route53resolver.services.k8s.aws/v1alpha1", + "kind": "ResolverEndpoint", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "route53resolver.services.k8s.aws/v1alpha1", + "kind": "ResolverRule", + "metadata": { + "name": "example" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: Cloud Provider + certified: "false" + containerImage: public.ecr.aws/aws-controllers-k8s/route53resolver-controller:1.0.2 + createdAt: "2024-12-23T20:44:40Z" + description: AWS Route53Resolver controller is a service controller for managing + Route53Resolver resources in Kubernetes + operatorframework.io/suggested-namespace: ack-system + operators.operatorframework.io/builder: operator-sdk-v1.28.0 + operators.operatorframework.io/project_layout: unknown + repository: https://github.com/aws-controllers-k8s + support: Community + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: ack-route53resolver-controller.v1.0.2 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: ResolverEndpoint represents the state of an AWS route53resolver + ResolverEndpoint resource. + displayName: ResolverEndpoint + kind: ResolverEndpoint + name: resolverendpoints.route53resolver.services.k8s.aws + version: v1alpha1 + - description: ResolverRule represents the state of an AWS route53resolver ResolverRule + resource. + displayName: ResolverRule + kind: ResolverRule + name: resolverrules.route53resolver.services.k8s.aws + version: v1alpha1 + description: |- + Manage Amazon Route53Resolver resources in AWS from within your Kubernetes cluster. + + **About Amazon Route53Resolver** + + Amazon Route 53 Resolver responds recursively to DNS queries from AWS resources for public records, Amazon VPC-specific DNS names, and Amazon Route 53 private hosted zones, and is available by default in all VPCs. + + **About the AWS Controllers for Kubernetes** + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**. + + **Pre-Installation Steps** + + Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) + displayName: AWS Controllers for Kubernetes - Amazon Route53Resolver + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg== + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups + - securitygroups/status + - subnets + - subnets/status + verbs: + - get + - list + - apiGroups: + - route53resolver.services.k8s.aws + resources: + - resolverendpoints + - resolverrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - route53resolver.services.k8s.aws + resources: + - resolverendpoints/status + - resolverrules/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + - fieldexports/status + verbs: + - get + - patch + - update + serviceAccountName: ack-route53resolver-controller + deployments: + - label: + app.kubernetes.io/name: ack-route53resolver-controller + app.kubernetes.io/part-of: ack-system + name: ack-route53resolver-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ack-route53resolver-controller + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: ack-route53resolver-controller + spec: + containers: + - args: + - --aws-region + - $(AWS_REGION) + - --aws-endpoint-url + - $(AWS_ENDPOINT_URL) + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - $(ACK_LOG_LEVEL) + - --resource-tags + - $(ACK_RESOURCE_TAGS) + - --watch-namespace + - $(ACK_WATCH_NAMESPACE) + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - $(LEADER_ELECTION_NAMESPACE) + - --reconcile-default-max-concurrent-syncs + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) + - --feature-gates + - $(FEATURE_GATES) + command: + - ./bin/controller + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: ack-route53resolver-user-config + optional: false + - secretRef: + name: ack-route53resolver-user-secrets + optional: true + image: public.ecr.aws/aws-controllers-k8s/route53resolver-controller:1.0.2 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + dnsPolicy: ClusterFirst + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: ack-route53resolver-controller + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ack-route53resolver-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - route53resolver + - aws + - amazon + - ack + links: + - name: AWS Controllers for Kubernetes + url: https://github.com/aws-controllers-k8s/community + - name: Documentation + url: https://aws-controllers-k8s.github.io/community/ + - name: Amazon Route53Resolver Developer Resources + url: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html + maintainers: + - email: ack-maintainers@amazon.com + name: route53resolver maintainer team + maturity: alpha + provider: + name: Amazon, Inc. + url: https://aws.amazon.com + version: 1.0.2 diff --git a/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-metrics-service_v1_service.yaml b/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..284b2a34f99 --- /dev/null +++ b/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ack-route53resolver-metrics-service +spec: + ports: + - name: metricsport + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: ack-route53resolver-controller + type: NodePort +status: + loadBalancer: {} diff --git a/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-reader_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-reader_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..586bc3e8bf0 --- /dev/null +++ b/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-reader_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-route53resolver-reader +rules: +- apiGroups: + - route53resolver.services.k8s.aws + resources: + - resolverendpoints + - resolverrules + verbs: + - get + - list + - watch diff --git a/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-writer_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-writer_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..d32e950e7ac --- /dev/null +++ b/operators/ack-route53resolver-controller/1.0.2/manifests/ack-route53resolver-writer_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-route53resolver-writer +rules: +- apiGroups: + - route53resolver.services.k8s.aws + resources: + - resolverendpoints + - resolverrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - route53resolver.services.k8s.aws + resources: + - resolverendpoints + - resolverrules + verbs: + - get + - patch + - update diff --git a/operators/ack-route53resolver-controller/1.0.2/manifests/route53resolver.services.k8s.aws_resolverendpoints.yaml b/operators/ack-route53resolver-controller/1.0.2/manifests/route53resolver.services.k8s.aws_resolverendpoints.yaml new file mode 100644 index 00000000000..26fbb5258f4 --- /dev/null +++ b/operators/ack-route53resolver-controller/1.0.2/manifests/route53resolver.services.k8s.aws_resolverendpoints.yaml @@ -0,0 +1,303 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + creationTimestamp: null + name: resolverendpoints.route53resolver.services.k8s.aws +spec: + group: route53resolver.services.k8s.aws + names: + kind: ResolverEndpoint + listKind: ResolverEndpointList + plural: resolverendpoints + singular: resolverendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ResolverEndpoint is the Schema for the ResolverEndpoints API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ResolverEndpointSpec defines the desired state of ResolverEndpoint. + + In the response to a CreateResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html), + DeleteResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DeleteResolverEndpoint.html), + GetResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html), + Updates the name, or ResolverEndpointType for an endpoint, or UpdateResolverEndpoint + (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverEndpoint.html) + request, a complex type that contains settings for an existing inbound or + outbound Resolver endpoint. + properties: + direction: + description: |- + Specify the applicable value: + + * INBOUND: Resolver forwards DNS queries to the DNS service for a VPC + from your network + + * OUTBOUND: Resolver forwards DNS queries from the DNS service for a VPC + to your network + type: string + ipAddresses: + description: |- + The subnets and IP addresses in your VPC that DNS queries originate from + (for outbound endpoints) or that you forward DNS queries to (for inbound + endpoints). The subnet ID uniquely identifies a VPC. + items: + description: |- + In a CreateResolverEndpoint (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html) + request, the IP address that DNS queries originate from (for outbound endpoints) + or that you forward DNS queries to (for inbound endpoints). IpAddressRequest + also includes the ID of the subnet that contains the IP address. + properties: + ip: + type: string + ipv6: + type: string + subnetID: + type: string + subnetRef: + description: Reference field for SubnetID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + name: + description: |- + A friendly name that lets you easily find a configuration in the Resolver + dashboard in the Route 53 console. + type: string + resolverEndpointType: + description: |- + For the endpoint type you can choose either IPv4, IPv6. or dual-stack. A + dual-stack endpoint means that it will resolve via both IPv4 and IPv6. This + endpoint type is applied to all IP addresses. + type: string + securityGroupIDs: + description: |- + The ID of one or more security groups that you want to use to control access + to this VPC. The security group that you specify must include one or more + inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound + Resolver endpoints). Inbound and outbound rules must allow TCP and UDP access. + For inbound access, open port 53. For outbound access, open the port that + you're using for DNS queries on your network. + items: + type: string + type: array + securityGroupRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + tags: + description: A list of the tag keys and values that you want to associate + with the endpoint. + items: + description: |- + One tag that you want to add to the specified resource. A tag consists of + a Key (a name for the tag) and a Value. + properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - direction + - ipAddresses + type: object + status: + description: ResolverEndpointStatus defines the observed state of ResolverEndpoint + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTime: + description: |- + The date and time that the endpoint was created, in Unix time format and + Coordinated Universal Time (UTC). + type: string + creatorRequestID: + description: |- + A unique string that identifies the request that created the Resolver endpoint. + The CreatorRequestId allows failed requests to be retried without the risk + of running the operation twice. + type: string + hostVPCID: + description: The ID of the VPC that you want to create the Resolver + endpoint in. + type: string + id: + description: The ID of the Resolver endpoint. + type: string + ipAddressCount: + description: The number of IP addresses that the Resolver endpoint + can use for DNS queries. + format: int64 + type: integer + modificationTime: + description: |- + The date and time that the endpoint was last modified, in Unix time format + and Coordinated Universal Time (UTC). + type: string + status: + description: |- + A code that specifies the current status of the Resolver endpoint. Valid + values include the following: + + * CREATING: Resolver is creating and configuring one or more Amazon VPC + network interfaces for this endpoint. + + * OPERATIONAL: The Amazon VPC network interfaces for this endpoint are + correctly configured and able to pass inbound or outbound DNS queries + between your network and Resolver. + + * UPDATING: Resolver is associating or disassociating one or more network + interfaces with this endpoint. + + * AUTO_RECOVERING: Resolver is trying to recover one or more of the network + interfaces that are associated with this endpoint. During the recovery + process, the endpoint functions with limited capacity because of the limit + on the number of DNS queries per IP address (per network interface). For + the current limit, see Limits on Route 53 Resolver (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-entities-resolver). + + * ACTION_NEEDED: This endpoint is unhealthy, and Resolver can't automatically + recover it. To resolve the problem, we recommend that you check each IP + address that you associated with the endpoint. For each IP address that + isn't available, add another IP address and then delete the IP address + that isn't available. (An endpoint must always include at least two IP + addresses.) A status of ACTION_NEEDED can have a variety of causes. Here + are two common causes: One or more of the network interfaces that are + associated with the endpoint were deleted using Amazon VPC. The network + interface couldn't be created for some reason that's outside the control + of Resolver. + + * DELETING: Resolver is deleting this endpoint and the associated network + interfaces. + type: string + statusMessage: + description: A detailed description of the status of the Resolver + endpoint. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-route53resolver-controller/1.0.2/manifests/route53resolver.services.k8s.aws_resolverrules.yaml b/operators/ack-route53resolver-controller/1.0.2/manifests/route53resolver.services.k8s.aws_resolverrules.yaml new file mode 100644 index 00000000000..23d0137fd31 --- /dev/null +++ b/operators/ack-route53resolver-controller/1.0.2/manifests/route53resolver.services.k8s.aws_resolverrules.yaml @@ -0,0 +1,268 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + creationTimestamp: null + name: resolverrules.route53resolver.services.k8s.aws +spec: + group: route53resolver.services.k8s.aws + names: + kind: ResolverRule + listKind: ResolverRuleList + plural: resolverrules + singular: resolverrule + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ResolverRule is the Schema for the ResolverRules API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ResolverRuleSpec defines the desired state of ResolverRule. + + For queries that originate in your VPC, detailed information about a Resolver + rule, which specifies how to route DNS queries out of the VPC. The ResolverRule + parameter appears in the response to a CreateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverRule.html), + DeleteResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DeleteResolverRule.html), + GetResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRule.html), + ListResolverRules (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html), + or UpdateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverRule.html) + request. + properties: + associations: + items: + description: |- + In the response to an AssociateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html), + DisassociateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverRule.html), + or ListResolverRuleAssociations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html) + request, provides information about an association between a Resolver rule + and a VPC. The association determines which DNS queries that originate in + the VPC are forwarded to your network. + properties: + id: + type: string + name: + type: string + resolverRuleID: + type: string + status: + type: string + statusMessage: + type: string + vpcID: + type: string + type: object + type: array + domainName: + description: |- + DNS queries for this domain name are forwarded to the IP addresses that you + specify in TargetIps. If a query matches multiple Resolver rules (example.com + and www.example.com), outbound DNS queries are routed using the Resolver + rule that contains the most specific domain name (www.example.com). + type: string + name: + description: |- + A friendly name that lets you easily find a rule in the Resolver dashboard + in the Route 53 console. + type: string + resolverEndpointID: + description: |- + The ID of the outbound Resolver endpoint that you want to use to route DNS + queries to the IP addresses that you specify in TargetIps. + type: string + ruleType: + description: |- + When you want to forward DNS queries for specified domain name to resolvers + on your network, specify FORWARD. + + When you have a forwarding rule to forward DNS queries for a domain to your + network and you want Resolver to process queries for a subdomain of that + domain, specify SYSTEM. + + For example, to forward DNS queries for example.com to resolvers on your + network, you create a rule and specify FORWARD for RuleType. To then have + Resolver process queries for apex.example.com, you create a rule and specify + SYSTEM for RuleType. + + Currently, only Resolver can create rules that have a value of RECURSIVE + for RuleType. + type: string + tags: + description: A list of the tag keys and values that you want to associate + with the endpoint. + items: + description: |- + One tag that you want to add to the specified resource. A tag consists of + a Key (a name for the tag) and a Value. + properties: + key: + type: string + value: + type: string + type: object + type: array + targetIPs: + description: |- + The IPs that you want Resolver to forward DNS queries to. You can specify + only IPv4 addresses. Separate IP addresses with a space. + + TargetIps is available only when the value of Rule type is FORWARD. + items: + description: |- + In a CreateResolverRule (https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverRule.html) + request, an array of the IPs that you want to forward DNS queries to. + properties: + ip: + type: string + ipv6: + type: string + port: + format: int64 + type: integer + type: object + type: array + required: + - domainName + - ruleType + type: object + status: + description: ResolverRuleStatus defines the observed state of ResolverRule + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTime: + description: |- + The date and time that the Resolver rule was created, in Unix time format + and Coordinated Universal Time (UTC). + type: string + creatorRequestID: + description: |- + A unique string that you specified when you created the Resolver rule. CreatorRequestId + identifies the request and allows failed requests to be retried without the + risk of running the operation twice. + type: string + id: + description: The ID that Resolver assigned to the Resolver rule when + you created it. + type: string + modificationTime: + description: |- + The date and time that the Resolver rule was last updated, in Unix time format + and Coordinated Universal Time (UTC). + type: string + ownerID: + description: |- + When a rule is shared with another Amazon Web Services account, the account + ID of the account that the rule is shared with. + type: string + shareStatus: + description: |- + Whether the rule is shared and, if so, whether the current account is sharing + the rule with another account, or another account is sharing the rule with + the current account. + type: string + status: + description: A code that specifies the current status of the Resolver + rule. + type: string + statusMessage: + description: A detailed description of the status of a Resolver rule. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-route53resolver-controller/1.0.2/metadata/annotations.yaml b/operators/ack-route53resolver-controller/1.0.2/metadata/annotations.yaml new file mode 100644 index 00000000000..58091a2185a --- /dev/null +++ b/operators/ack-route53resolver-controller/1.0.2/metadata/annotations.yaml @@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: ack-route53resolver-controller + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: unknown + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/ack-route53resolver-controller/1.0.2/tests/scorecard/config.yaml b/operators/ack-route53resolver-controller/1.0.2/tests/scorecard/config.yaml new file mode 100644 index 00000000000..382ddefd156 --- /dev/null +++ b/operators/ack-route53resolver-controller/1.0.2/tests/scorecard/config.yaml @@ -0,0 +1,50 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}