From 735a8455f99e204e3f74acafc80c14e605472d58 Mon Sep 17 00:00:00 2001 From: Gary Vermeulen Date: Thu, 14 Nov 2024 09:52:28 +0000 Subject: [PATCH] layer7-operator-1.1.0 Signed-off-by: Gary Vermeulen --- ...er-manager-metrics-service_v1_service.yaml | 17 + ...-operator-manager-config_v1_configmap.yaml | 18 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 11 + ...7-operator-webhook-service_v1_service.yaml | 22 + ...layer7-operator.clusterserviceversion.yaml | 818 +++ .../security.brcmlabs.com_gateways.yaml | 6387 +++++++++++++++++ .../security.brcmlabs.com_l7apis.yaml | 158 + .../security.brcmlabs.com_l7portals.yaml | 133 + .../security.brcmlabs.com_repositories.yaml | 165 + .../1.1.0/metadata/annotations.yaml | 14 + .../1.1.0/tests/scorecard/config.yaml | 71 + 11 files changed, 7814 insertions(+) create mode 100644 operators/layer7-operator/1.1.0/manifests/layer7-operator-controller-manager-metrics-service_v1_service.yaml create mode 100644 operators/layer7-operator/1.1.0/manifests/layer7-operator-manager-config_v1_configmap.yaml create mode 100644 operators/layer7-operator/1.1.0/manifests/layer7-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/layer7-operator/1.1.0/manifests/layer7-operator-webhook-service_v1_service.yaml create mode 100644 operators/layer7-operator/1.1.0/manifests/layer7-operator.clusterserviceversion.yaml create mode 100644 operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_gateways.yaml create mode 100644 operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_l7apis.yaml create mode 100644 operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_l7portals.yaml create mode 100644 operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_repositories.yaml create mode 100644 operators/layer7-operator/1.1.0/metadata/annotations.yaml create mode 100644 operators/layer7-operator/1.1.0/tests/scorecard/config.yaml 
diff --git a/operators/layer7-operator/1.1.0/manifests/layer7-operator-controller-manager-metrics-service_v1_service.yaml b/operators/layer7-operator/1.1.0/manifests/layer7-operator-controller-manager-metrics-service_v1_service.yaml
new file mode 100644
index 00000000000..7bd2b0e28e1
--- /dev/null
+++ b/operators/layer7-operator/1.1.0/manifests/layer7-operator-controller-manager-metrics-service_v1_service.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ control-plane: controller-manager
+ name: layer7-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/layer7-operator/1.1.0/manifests/layer7-operator-manager-config_v1_configmap.yaml b/operators/layer7-operator/1.1.0/manifests/layer7-operator-manager-config_v1_configmap.yaml
new file mode 100644
index 00000000000..c712397ce20
--- /dev/null
+++ b/operators/layer7-operator/1.1.0/manifests/layer7-operator-manager-config_v1_configmap.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: controller-runtime.sigs.k8s.io/v1
+ kind: ControllerManagerConfig
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ webhook:
+ port: 9443
+ leaderElection:
+ leaderElect: true
+ resourceName: d464e6a2.brcmlabs.com
+kind: ConfigMap
+metadata:
+ name: layer7-operator-manager-config
diff --git a/operators/layer7-operator/1.1.0/manifests/layer7-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/layer7-operator/1.1.0/manifests/layer7-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..6163b8c6395
--- /dev/null
+++ b/operators/layer7-operator/1.1.0/manifests/layer7-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
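Review bot: The `layer7-operator-manager-config` ConfigMap does not appear to be consumed by anything in this bundle: the manager Deployment in the ClusterServiceVersion sets `--health-probe-bind-address`, `--metrics-bind-address` and `--leader-elect` as container args and declares no volume or config-file argument. Someone auditing which address the metrics endpoint binds to could take `bindAddress: 127.0.0.1:8080` here as authoritative when the container args are what actually apply. Either drop the ConfigMap from the bundle or mark it with a comment such as `# not mounted by the manager Deployment; bind addresses are set via container args`.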
@@ -0,0 +1,11 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: layer7-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/operators/layer7-operator/1.1.0/manifests/layer7-operator-webhook-service_v1_service.yaml b/operators/layer7-operator/1.1.0/manifests/layer7-operator-webhook-service_v1_service.yaml
new file mode 100644
index 00000000000..ba06674dded
--- /dev/null
+++ b/operators/layer7-operator/1.1.0/manifests/layer7-operator-webhook-service_v1_service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/created-by: layer7-operator
+ app.kubernetes.io/instance: webhook-service
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: service
+ app.kubernetes.io/part-of: layer7-operator
+ name: layer7-operator-webhook-service
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/layer7-operator/1.1.0/manifests/layer7-operator.clusterserviceversion.yaml b/operators/layer7-operator/1.1.0/manifests/layer7-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..1fdf565203d
--- /dev/null
+++ b/operators/layer7-operator/1.1.0/manifests/layer7-operator.clusterserviceversion.yaml
@@ -0,0 +1,818 @@ +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "security.brcmlabs.com/v1", + "kind": "Gateway", + "metadata": { + "name": "ssg" + }, + "spec": { + "app": { + "image": "docker.io/caapim/gateway:11.1.1", + "management": { + "cluster": { + "hostname": "gateway.brcmlabs.com", + "password": "7layer" + }, + "password": "7layer", + "username": "admin" + }, + "replicas": 1, + "service": { + "ports": [ + { + "name": "https", + "port": 8443, + "protocol": "TCP", + "targetPort": 8443 + }, + { + "name": "management", + "port": 9443, + "protocol": "TCP", + "targetPort": 9443 + } + ], + "type": "LoadBalancer" + } + }, + "license": { + "accept": false, + "secretName": "gateway-license" + }, + "version": "11.1.1" + }, + "status": {} + }, + { + "apiVersion": "security.brcmlabs.com/v1", + "kind": "Repository", + "metadata": { + "name": "my-repository" + }, + "spec": { + "auth": {}, + "branch": "main", + "enabled": true, + "endpoint": "https://github.com/\u003cusername\u003e/\u003crepository\u003e", + "type": "git" + } + }, + { + "apiVersion": "security.brcmlabs.com/v1alpha1", + "kind": "L7Api", + "metadata": { + "name": "l7api-sample" + }, + "spec": { + "deploymentTags": [ + "ssg", + "ssg1" + ], + "graphmanBundle": "jsongz", + "portalPublished": false, + "serviceUrl": "/v1/api" + } + }, + { + "apiVersion": "security.brcmlabs.com/v1alpha1", + "kind": "L7Portal", + "metadata": { + "name": "dev-portal" + }, + "spec": { + "auth": { + "clientId": "3d8f8967b8e54909b5e9a86e09063406", + "clientSecret": "b40a829f046a451db15aa8be503ea7b3", + "endpoint": "dev-ssg.brcmlabs.com" + }, + "deploymentTags": [ + "ssg" + ], + "enabled": true, + "endpoint": "dev-ssg.brcmlabs.com", + "enrollmentBundle": "", + "portalTenant": "portal" + } + } + ] + capabilities: Basic Install + categories: Security + certified: "false" + containerImage: docker.io/caapim/layer7-operator:v1.1.0 + createdAt: 
"2024-11-14T06:34:05Z" + description: The Layer7 Operator covers all aspects of deploying, maintaining + and upgrading Layer7 API Gateways in Kubernetes. + operatorframework.io/suggested-namespace: layer7-operator-system + operators.operatorframework.io/builder: operator-sdk-v1.34.1 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 + repository: https://github.com/caapim/layer7-operator + support: Broadcom Community + name: layer7-operator.v1.1.0 +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Gateway is the Schema for the Gateway Custom Resource + displayName: Gateway + kind: Gateway + name: gateways.security.brcmlabs.com + resources: + - kind: ConfigMaps + name: "" + version: v1 + - kind: Deployment + name: "" + version: apps/v1 + - kind: HorizontalPodAutoscaler + name: "" + version: autoscaling/v2 + - kind: Ingress + name: "" + version: networking/v1 + - kind: PodDisruptionBudget + name: "" + version: policy/v1 + - kind: Secrets + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + specDescriptors: + - description: App contains application specific configuration for the Gateway + and its deployment + displayName: App + path: app + - description: License for the Major version of Gateway + displayName: License + path: license + - description: Version references the Gateway release that this Operator is + intended to be used with while all supported container gateway versions + will work, some functionality will not be available + displayName: Version + path: version + statusDescriptors: + - displayName: Portal Sync Status + path: PortalSyncStatus + - description: Conditions store the status conditions of Gateway instances + displayName: Conditions + path: conditions + - displayName: Gateway + path: gateway + - description: Image of the Gateway + displayName: Image + path: image + - description: Management Pod is a Gateway with a special 
annotation is used + as a selector for the management service and applying singleton resources + displayName: Management Pod + path: managementPod + - displayName: Phase + path: phase + - displayName: Ready + path: ready + - description: Replicas is the number of Gateway Pods + displayName: Replicas + path: replicas + - displayName: Repository Status + path: repositoryStatus + - displayName: State + path: state + - description: Version of the Gateway + displayName: Version + path: version + version: v1 + - description: L7Api is the Schema for the l7apis API + displayName: L7 Api + kind: L7Api + name: l7apis.security.brcmlabs.com + resources: + - kind: ConfigMaps + name: "" + version: v1 + - kind: Secrets + name: "" + version: v1 + specDescriptors: + - description: DeploymentTags target Gateway deployments that this API should + be published to + displayName: DeploymentTags + path: deploymentTags + - description: GraphmanBundle associated with this API currently limited to + Service and Fragments auto generated when PortalMeta is set and PortalPublished + is true + displayName: GraphmanBundle + path: graphmanBundle + - description: L7Portal is the L7Portal that this API is associated with when + Portal Published is true + displayName: L7Portal + path: l7Portal + - description: PortalPublished + displayName: PortalPublished + path: portalPublished + - description: ServiceUrl on the API Gateway + displayName: ServiceUrl + path: serviceUrl + version: v1alpha1 + - description: L7Portal is the Schema for the l7portals API + displayName: L7 Portal + kind: L7Portal + name: l7portals.security.brcmlabs.com + resources: + - kind: ConfigMaps + name: "" + version: v1 + specDescriptors: + - description: Auth - Portal credentials + displayName: Auth + path: auth + - description: Deployment Tags - determines which Gateway deployments these + APIs will be applied to + displayName: DeploymentTags + path: deploymentTags + - description: Enabled - if enabled this Portal and its APIs 
will be synced + displayName: Enabled + path: enabled + - description: Endoint - Portal endpoint + displayName: Endpoint + path: endpoint + - description: EnrollmentBundle - allows a custom enrollment bundle to be set + in the Portal CR + displayName: EnrollmentBundle + path: enrollmentBundle + - description: Labels - Custom Labels + displayName: Labels + path: labels + - description: PortalTenant is the tenantId of the API Developer Portal + displayName: PortalTenant + path: portalTenant + - description: SyncIntervalSeconds how often the Portal CR is reconciled. Default + is 10 seconds + displayName: SyncIntervalSeconds + path: syncIntervalSeconds + version: v1alpha1 + - description: Repository is the Schema for the repositories API + displayName: Repository + kind: Repository + name: repositories.security.brcmlabs.com + resources: + - kind: ConfigMaps + name: "" + version: v1 + - kind: Secrets + name: "" + version: v1 + specDescriptors: + - description: Annotations - Custom Annotations + displayName: Annotations + path: annotations + - description: Auth contains a reference to the credentials required to connect + to your Git repository + displayName: Auth + path: auth + - description: Branch - specify which branch to clone if branch and tag are + both specified branch will take precedence and tag will be ignored if branch + and tag are both missing the entire repository will be cloned + displayName: Branch + path: branch + - description: Enabled - if enabled this repository will be synced + displayName: Enabled + path: enabled + - description: Endoint - Git repository endpoint + displayName: Endpoint + path: endpoint + - description: Labels - Custom Labels + displayName: Labels + path: labels + - description: LocalReference lets the Repository controller use a local Kubernetes + Secret as a repository source This is not currently implemented + displayName: LocalReference + path: localReference + - description: Remote Name - defaults to "origin" + displayName: 
RemoteName + path: remoteName + - description: RepositorySyncConfig defines how often this repository is synced + displayName: RepositorySyncConfig + path: sync + - description: Tag - clone a specific tag. tags do not change, once cloned this + will not be checked for updates + displayName: Tag + path: tag + - description: Type of Repository - Git, HTTP, Local + displayName: Type + path: type + statusDescriptors: + - description: Commit is either current git commit that has been synced or a + sha1sum of the http repository contents + displayName: Commit + path: commit + - description: Ready to apply to Gateway Deployments + displayName: Ready + path: ready + - description: StorageSecretName is the Kubernetes Secret that this repository + is stored in + displayName: Storage Secret Name + path: storageSecretName + - description: Updated the last time this repository was successfully updated + displayName: Updated + path: updated + version: v1 + description: | + The [Layer7 Operator](https://github.com/CAAPIM/layer7-operator) covers all aspects of deploying, maintaining and upgrading Layer7 API Gateways in Kubernetes. The Layer7 Operator is exclusive to Kubernetes and utilizes the Container Gateway with specific emphasis on running in Ephemeral mode (without an external MySQL policy database). + + ## Getting Started + This [Getting Started](https://github.com/CAAPIM/layer7-operator/wiki/Getting-Started) guide covers a simple introduction to the Layer7 Operator. You can find more documentation [here](https://github.com/CAAPIM/layer7-operator/wiki). 
+ displayName: Layer7 Operator + icon: + - base64data:  + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.brcmlabs.com + resources: + - gateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.brcmlabs.com + resources: + - gateways/finalizers + verbs: + - update + - apiGroups: + - security.brcmlabs.com + resources: + - gateways/status + verbs: + - get + - patch + - update + - apiGroups: + - security.brcmlabs.com + resources: + - repositories + verbs: + - create + 
- delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.brcmlabs.com + resources: + - repositories/finalizers + verbs: + - update + - apiGroups: + - security.brcmlabs.com + resources: + - repositories/status + verbs: + - get + - patch + - update + - apiGroups: + - security.brcmlabs.com + resources: + - l7apis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.brcmlabs.com + resources: + - l7apis/status + verbs: + - get + - patch + - update + - apiGroups: + - security.brcmlabs.com + resources: + - l7portals + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.brcmlabs.com + resources: + - l7portals/status + verbs: + - get + - patch + - update + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: layer7-operator-controller-manager + deployments: + - label: + control-plane: controller-manager + name: layer7-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --zap-log-level=info + - --zap-time-encoding=rfc3339nano + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: ENABLE_WEBHOOK + value: "true" + - name: HTTP_PROXY + - name: HTTPS_PROXY + - name: NO_PROXY + - name: ENABLE_OTEL + value: "false" + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: localhost:4317 + - name: 
OTEL_METRIC_PREFIX + value: layer7_ + image: docker.io/caapim/layer7-operator:v1.1.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: layer7-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: layer7-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - layer7-operator + links: + - name: Layer7 Operator + url: https://github.com/caapim/layer7-operator + maintainers: + - email: gary.vermeulen@broadcom.com + name: Gary Vermeulen + maturity: alpha + provider: + name: Broadcom + url: 
https://www.broadcom.com/ + version: 1.1.0 + replaces: layer7-operator.v1.0.7 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: layer7-operator-controller-manager + failurePolicy: Fail + generateName: mgateway.kb.io + rules: + - apiGroups: + - security.brcmlabs.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-security-brcmlabs-com-v1-gateway + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: layer7-operator-controller-manager + failurePolicy: Fail + generateName: mrepository.kb.io + rules: + - apiGroups: + - security.brcmlabs.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - repositories + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-security-brcmlabs-com-v1-repository + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: layer7-operator-controller-manager + failurePolicy: Fail + generateName: vgateway.kb.io + rules: + - apiGroups: + - security.brcmlabs.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-security-brcmlabs-com-v1-gateway + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: layer7-operator-controller-manager + failurePolicy: Fail + generateName: vrepository.kb.io + rules: + - apiGroups: + - security.brcmlabs.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - repositories + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-security-brcmlabs-com-v1-repository 
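Review bot: The `alm-examples` Gateway sample ships literal management credentials (`"username": "admin"`, `"password": "7layer"`, and the same value as the cluster password) alongside `"type": "LoadBalancer"` and a `management` port on 9443, so a Gateway created from the prefilled sample would typically publish its management listener outside the cluster with a well-known default password. Replace the literals with obvious placeholders such as `"password": "<change-me>"` (or a Secret reference, if the Gateway schema provides one) and default the sample service to `"type": "ClusterIP"`. The L7Portal sample's `clientId` and `clientSecret` hex strings should likewise be confirmed to be dummy values or replaced with placeholders. Separately, the `manager` container sets only `allowPrivilegeEscalation: false` although its service account holds cluster-wide create/delete on `secrets` and `pods`; it could carry the same `capabilities.drop: [ALL]` setting that the `kube-rbac-proxy` container already has.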
diff --git a/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_gateways.yaml b/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_gateways.yaml new file mode 100644 index 00000000000..0c8817848c9 --- /dev/null +++ b/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_gateways.yaml 
@@ -0,0 +1,6387 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: layer7-operator-system/layer7-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: gateways.security.brcmlabs.com +spec: + group: security.brcmlabs.com + names: + kind: Gateway + listKind: GatewayList + plural: gateways + shortNames: + - gws + - gw + - l7gw + - l7gws + - l7gateway + - l7gateways + singular: gateway + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Gateway is the Schema for the Gateway Custom Resource + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object + type: string + kind: + description: Kind is a string value representing the REST resource this + object represent + type: string + metadata: + type: object + spec: + description: GatewaySpec defines the desired state of Gateway + properties: + app: + description: App contains application specific configuration for the + Gateway and its dep + properties: + affinity: + description: Affinity is a group of affinity scheduling rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affini + items: + description: An empty preferred scheduling term matches + all objects with implicit weight + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: 'A node selector requirement + is a selector that contains values, a key, + and ' + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: 'A node selector requirement + is a selector that contains values, a key, + and ' + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: 'Weight associated with matching the + corresponding nodeSelectorTerm, in the ' + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + schedul + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: 'A node selector requirement + is a selector that contains values, a key, + and ' + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
+ type: string + values: + description: An array of string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: 'A node selector requirement + is a selector that contains values, a key, + and ' + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affini + items: + description: 'The weights of all of the matched WeightedPodAffinityTerm + fields are added ' + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. + items: + description: A label selector requirement + is a selector that contains values, + a key, and + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents a + key's relationship to a set of values. + type: string + values: + description: values is an array of + string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be take + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be t + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. + items: + description: A label selector requirement + is a selector that contains values, + a key, and + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + type: string + values: + description: values is an array of + string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located + (affinity) or not co-located (anti-affinity) ' + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the r + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + schedul + items: + description: "Defines a set of pods (namely those matching + the labelSelector\nrelative to " + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. + items: + description: A label selector requirement + is a selector that contains values, a key, + and + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. + type: string + values: + description: values is an array of string + values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be take + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be t + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. + items: + description: A label selector requirement + is a selector that contains values, a key, + and + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. + type: string + values: + description: values is an array of string + values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) ' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-a + items: + description: 'The weights of all of the matched WeightedPodAffinityTerm + fields are added ' + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. + items: + description: A label selector requirement + is a selector that contains values, + a key, and + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + type: string + values: + description: values is an array of + string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be take + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be t + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + type: string + values: + description: values is an array of + string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located + (affinity) or not co-located (anti-affinity) ' + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the r + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + sc + items: + description: "Defines a set of pods (namely those matching + the labelSelector\nrelative to " + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. + items: + description: A label selector requirement + is a selector that contains values, a key, + and + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. + type: string + values: + description: values is an array of string + values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be take + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be t + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. + items: + description: A label selector requirement + is a selector that contains values, a key, + and + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. + type: string + values: + description: values is an array of string + values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) ' + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations for Operator managed resources, these + do not apply to services ' + type: object + autoMountServiceAccountToken: + description: AutoMountServiceAccountToken optionally adds the + Gateway Container's Kubern + type: boolean + autoscaling: + description: Autoscaling configuration for the Gateway + properties: + enabled: + description: Enabled or disabled + type: boolean + hpa: + properties: + behavior: + description: HorizontalPodAutoscalerBehavior configures + the scaling behavior of the targ + properties: + scaleDown: + description: scaleDown is scaling policy for scaling + Down. + properties: + policies: + description: policies is a list of potential scaling + polices which can be used during sc + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified pa + properties: + periodSeconds: + description: periodSeconds specifies the + window of time for which the policy should + hold + format: int32 + type: integer + type: + description: type is used to specify the + scaling policy. + type: string + value: + description: value contains the amount of + change which is permitted by the policy. + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify which + policy should be used. 
+ type: string + stabilizationWindowSeconds: + description: stabilizationWindowSeconds is the + number of seconds for which past recommen + format: int32 + type: integer + type: object + scaleUp: + description: scaleUp is scaling policy for scaling + Up. + properties: + policies: + description: policies is a list of potential scaling + polices which can be used during sc + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified pa + properties: + periodSeconds: + description: periodSeconds specifies the + window of time for which the policy should + hold + format: int32 + type: integer + type: + description: type is used to specify the + scaling policy. + type: string + value: + description: value contains the amount of + change which is permitted by the policy. + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify which + policy should be used. + type: string + stabilizationWindowSeconds: + description: stabilizationWindowSeconds is the + number of seconds for which past recommen + format: int32 + type: integer + type: object + type: object + maxReplicas: + description: MaxReplicas + format: int32 + type: integer + metrics: + items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and + properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + r + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource + in question. 
+ type: string + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metri + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all re + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageVa + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernet + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given + metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. + items: + description: A label selector requirement + is a selector that contains values, + a key, and + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. + type: string + values: + description: values is an array + of string values. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metri + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all re + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageVa + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for exampl + properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name ap + properties: + apiVersion: + description: apiVersion is the API version + of the referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.' 
+ type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given + metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. + items: + description: A label selector requirement + is a selector that contains values, + a key, and + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. + type: string + values: + description: values is an array + of string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metri + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all re + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageVa + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (fo + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given + metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. + items: + description: A label selector requirement + is a selector that contains values, + a key, and + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. 
+ type: string + values: + description: values is an array + of string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metri + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all re + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageVa + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests a + properties: + name: + description: name is the name of the resource + in question. 
+ type: string + target: + description: target specifies the target value + for the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metri + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all re + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the + metric type is Utilization, Value, or + AverageVa + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of + the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: type is the type of metric source. 
+ type: string + required: + - type + type: object + type: array + minReplicas: + description: MinReplicas + format: int32 + type: integer + type: object + type: object + bootstrap: + description: 'Bootstrap - optionally add a bootstrap script to + the Gateway that migrates ' + properties: + script: + description: BootstrapScript - enable/disable this functionality + properties: + enabled: + description: Enabled or disabled + type: boolean + type: object + type: object + bundle: + items: + description: Bundle A Restman or Graphman bundle + properties: + csi: + description: ConfigMap ConfigMap `json:"configMap,omitempty"` + properties: + driver: + description: Driver is the secretstore csi driver + type: string + readOnly: + description: ReadOnly + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + type: object + name: + type: string + source: + description: Source + type: string + type: + description: Type can be restman or graphman + type: string + type: object + type: array + containerSecurityContext: + description: SecurityContext holds security configuration that + will be applied to a cont + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privilege + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options to use + by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile loaded + on the node that should be used + type: string + type: + description: type indicates which kind of AppArmor profile + will be applied. + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running containers. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should b + type: string + type: + description: type indicates which kind of seccomp profile + will be applied. 
+ type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' con + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. + type: string + type: object + type: object + customConfig: + description: 'CustomConfig Certain folders on the Container Gateway + are not writeable by ' + properties: + enabled: + description: Enabled or disabled + type: boolean + mounts: + items: + description: CustomConfigMount + properties: + mountPath: + description: MountPath is the location on the container + gateway this should go + type: string + name: + description: Name is the mount name + type: string + ref: + description: ConfigRef configures the secret or configmap + for a CustomConfigMount + properties: + item: + description: ConfigRefItem is the key in the secret + or configmap to mount, path is where + properties: + key: + type: string + path: + type: string + type: object + name: + description: Name of the Secret or Configmap which + already exists in Kubernetes + type: string + type: + description: Type is secret or configmap + type: string + type: object + subPath: + description: SubPath is the file name + type: string + type: object + type: array + type: object + customHosts: + properties: + enabled: + description: Enabled or disabled + type: boolean + hostAliases: + items: + description: 'HostAlias holds the mapping between IP and + hostnames that will be injected ' + properties: + hostnames: + description: Hostnames for the above IP address. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + required: + - ip + type: object + type: array + type: object + cwp: + description: ClusterProperties are key value pairs of additional + cluster-wide properties + properties: + enabled: + description: Enabled bootstraps clusterProperties to the Gateway + type: boolean + properties: + description: Properties are key/value pairs + items: + description: Property is a simple k/v pair + properties: + name: + description: Name + type: string + value: + description: Value + type: string + type: object + type: array + type: object + externalCerts: + items: + description: ExternalCert is a reference to an existing TLS + or Opaque Secret in Kubernet + properties: + enabled: + description: Enabled or disabled + type: boolean + name: + description: Name of the Secret which already exists in + Kubernetes + type: string + revocationCheckPolicyName: + type: string + revocationCheckPolicyType: + type: string + trustAnchor: + type: boolean + trustedFor: + items: + type: string + type: array + verifyHostname: + type: boolean + type: object + type: array + externalKeys: + items: + description: |- + ExternalKey is a reference to an existing TLS Secret in Kubernetes + The Laye + properties: + alias: + description: |- + Alias overrides the key name that is stored in the Gateway + This is useful f + type: string + enabled: + description: Enabled or disabled + type: boolean + keyUsageType: + description: |- + KeyUsageType allows keys to be marked as special purpose + only one key usage + type: string + name: + description: Name of the kubernetes.io/tls Secret which + already exists in Kubernetes + type: string + type: object + type: array + externalSecrets: + items: + description: |- + ExternalSecret is a reference to an existing secret in Kubernetes + The Layer + properties: + description: + description: Description given the Stored Password in 
the + Gateway + type: string + enabled: + description: Enabled or disabled + type: boolean + encryption: + description: 'BundleEncryption allows setting an encryption + passphrase per repository or ' + properties: + existingSecret: + description: ExistingSecret - reference to an existing + secret + type: string + key: + description: Key - the key in the kubernetes secret + that the encryption passphrase is st + type: string + passphrase: + description: Passphrase - bundle encryption passphrase + in plaintext + type: string + type: object + name: + description: Name of the Opaque/Generic Secret which already + exists in Kubernetes + type: string + variableReferencable: + description: VariableReferencable permits/restricts use + of the Stored Password in policy + type: boolean + type: object + type: array + hazelcast: + properties: + endpoint: + description: |- + Endpoint is the hazelcast server and port + my.hazelcast:5701 + type: string + external: + description: 'External set to true adds config for an external + Hazelcast instance to the ' + type: boolean + type: object + image: + description: Image is the Gateway image + type: string + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + imagePullSecrets: + items: + description: |- + LocalObjectReference contains enough information to let you locate the + refe + properties: + name: + default: "" + description: Name of the referent. 
+ type: string + type: object + x-kubernetes-map-type: atomic + type: array + ingress: + properties: + annotations: + additionalProperties: + type: string + description: Annotations for the ingress resource + type: object + enabled: + description: Enabled or disabled + type: boolean + ingressClassName: + description: IngressClassName + type: string + route: + description: |- + Route for Openshift + This acts as an override + properties: + host: + type: string + path: + type: string + port: + description: RoutePort defines a port mapping from a router + to an endpoint in the servic + properties: + targetPort: + anyOf: + - type: integer + - type: string + description: The target port on pods selected by the + service this route points to. + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + tls: + description: TLSConfig defines config used to secure a + route and provide termination + properties: + caCertificate: + description: caCertificate provides the cert authority + certificate contents + type: string + certificate: + description: certificate provides certificate contents. + type: string + destinationCACertificate: + description: destinationCACertificate provides the + contents of the ca certificate of the + type: string + externalCertificate: + description: externalCertificate provides certificate + contents as a secret reference. + properties: + name: + description: |- + name of the referent. + More info: https://kubernetes. + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + description: insecureEdgeTerminationPolicy indicates + the desired behavior for insecure c + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + description: key provides key file contents + type: string + termination: + description: termination indicates termination type. 
+ enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: passthrough + and spec.tls.insecureEdgeTerminationPolicy: Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + wildcardPolicy: + description: WildcardPolicyType indicates the type of + wildcard support needed by routes. + type: string + type: object + rules: + description: Rules + items: + description: IngressRule represents the rules mapping the + paths under a specified host t + properties: + host: + description: host is the fully qualified domain name + of a network host, as defined by RF + type: string + http: + description: HTTPIngressRuleValue is a list of http + selectors pointing to backends. + properties: + paths: + description: paths is a collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates a path + with a backend. + properties: + backend: + description: |- + backend defines the referenced service endpoint to which the traffic + will b + properties: + resource: + description: |- + resource is an ObjectRef to another Kubernetes resource in the namespace + of + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + service: + description: service references a service + as a backend. + properties: + name: + description: name is the referenced + service. + type: string + port: + description: port of the referenced + service. 
+ properties: + name: + description: name is the name + of the port on the Service. + type: string + number: + description: number is the numerical + port number (e.g. 80) on the + Service. + format: int32 + type: integer + type: object + required: + - name + type: object + type: object + path: + description: path is matched against the path + of an incoming request. + type: string + pathType: + description: pathType determines the interpretation + of the path matching. + type: string + required: + - backend + - pathType + type: object + type: array + x-kubernetes-list-type: atomic + required: + - paths + type: object + type: object + type: array + tls: + description: TLS + items: + description: IngressTLS describes the transport layer security + associated with an ingres + properties: + hosts: + description: hosts is a list of hosts included in the + TLS certificate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + secretName: + description: "secretName is the name of the secret used + to terminate TLS traffic on\nport " + type: string + type: object + type: array + type: + description: Type ingress or route + type: string + type: object + initContainers: + items: + description: A single application container that you want to + run within a pod. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined e + type: string + valueFrom: + description: Source for the environment variable's + value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: Name of the referent. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1 + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (li + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: Name of the referent. 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: List of sources to populate environment variables + in the container. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: Name of the referent. + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: Name of the referent. + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take + in response to container lif + properties: + postStart: + description: PostStart is called immediately after a + container is created. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to + execute inside the container, the working + di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: 'Sleep represents the duration that + the container should sleep before being ' + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + AP + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to + execute inside the container, the working + di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: 'Sleep represents the duration that + the container should sleep before being ' + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after ha + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: | + Service is the name of the service to place in the gRPC HealthCheckRequest + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has + started before liveness probes ar + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful aft + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon pro + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + items: + description: ContainerPort represents a network port in + a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after ha + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: | + Service is the name of the service to place in the gRPC HealthCheckRequest + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has + started before liveness probes ar + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful aft + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon pro + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: Name of the resource to which this resource + resize policy applies. + type: string + restartPolicy: + description: Restart policy to apply when specified + resource is resized. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + properties: + claims: + description: Claims lists the names of resources, defined + in spec. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of + compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of + compute resources required. + type: object + type: object + restartPolicy: + description: RestartPolicy defines the restart behavior + of individual containers in a po + type: string + securityContext: + description: SecurityContext defines the security options + the container should be run wi + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privilege + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options + to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + loaded on the node that should be used + type: string + type: + description: type indicates which kind of AppArmor + profile will be applied. + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running + containers. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the + container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should b + type: string + type: + description: type indicates which kind of seccomp + profile will be applied. 
+ type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to + all containers. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' con + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after ha + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: | + Service is the name of the service to place in the gRPC HealthCheckRequest + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has + started before liveness probes ar + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful aft + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon pro + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
+ format: int32 + type: integer + type: object + stdin: + description: 'Whether this container should allocate a buffer + for stdin in the container ' + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has b + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination messa' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. + type: string + tty: + description: Whether this container should allocate a TTY + for itself, also requires 'std + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a raw + block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the + container that the device will be mapp + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the + volume should be mounted. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to cont + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). 
+ type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recu + type: string + subPath: + description: Path within the volume from which the + container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + java: + description: Java configuration for the Gateway + properties: + extraArgs: + description: ExtraArgs java + items: + type: string + type: array + jvmHeap: + properties: + calculate: + description: |- + Calculate the JVMHeap size based on resource requests and limits + if resourc + type: boolean + default: + description: Default Heap Size to use if calculate is + false or requests.limits. + type: string + maxDefault: + description: Default Max Heap Size to use if calculate + is false or requests.limits. + type: string + maxPercentage: + type: integer + minDefault: + description: Default Min Heap Size to use if calculate + is false or requests.limits. + type: string + minPercentage: + type: integer + percentage: + description: Percentage of requests.limits. + type: integer + type: object + type: object + labels: + additionalProperties: + type: string + description: Labels for Operator managed resources + type: object + lifecycleHooks: + description: Lifecycle describes actions that the management system + should take in respo + properties: + postStart: + description: PostStart is called immediately after a container + is created. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: 'Sleep represents the duration that the container + should sleep before being ' + properties: + seconds: + description: Seconds is the number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + AP + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: 'Sleep represents the duration that the container + should sleep before being ' + properties: + seconds: + description: Seconds is the number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + listenPorts: + description: 'ListenPorts The Layer7 Gateway instantiates the + following HTTP(s) ports by ' + properties: + custom: + description: CustomListenPort - enable/disable custom listen + ports + properties: + enabled: + description: Enabled or disabled + type: boolean + type: object + harden: + description: Harden + type: boolean + ports: + items: + description: ListenPort is translated into a Restman Bundle + properties: + enabled: + description: Enabled or disabled + type: boolean + managementFeatures: + description: |- + ManagementFeatures that should be available on this port + - Published servic + items: + type: string + type: array + name: + description: Name of the listen port + type: string + port: + description: Port + type: integer + properties: + items: + description: Property is a simple k/v pair + properties: + name: + description: Name + type: string + value: + description: Value + type: string + type: object + type: array + protocol: + description: Protocol + type: string + tls: + description: Tls configuration for Gateway Ports + properties: + cipherSuites: + description: "CipherSuites\n\t- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n\t- + TLS_ECDHE_ECDSA_WI" + items: + type: string + type: array + clientAuthentication: + description: |- + ClientAuthentication MTLS for the Port + None, Optional, Required + type: string + enabled: + description: Enabled or disabled + type: boolean + privateKey: + description: PrivateKey the Port should use + type: string + useCipherSuitesOrder: + description: UseCipherSuitesOrder + type: boolean + versions: + description: |- + Versions of TLS + - TLS1.0 (not recommended) + - TLS1. 
+ items: + type: string + type: array + type: object + type: object + type: array + refreshOnKeyChanges: + description: |- + Refresh on Key Changes + If harden is true, the auto generated port bundle wi + type: boolean + type: object + livenessProbe: + description: Probe describes a health check to be performed against + a container to deter + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after ha + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + description: | + Service is the name of the service to place in the gRPC HealthCheckRequest + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started + before liveness probes ar + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful aft + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully upon pro + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. + format: int32 + type: integer + type: object + log: + properties: + override: + description: Override default log properties + type: boolean + properties: + type: string + type: object + management: + description: Management defines configuration for Gateway Managment. 
+ properties: + cluster: + description: Cluster is gateway cluster configuration + properties: + hostname: + description: Hostname is the Gateway Cluster Hostname + type: string + password: + description: Password is the Gateway Cluster Passphrase + type: string + required: + - hostname + type: object + database: + description: Database configuration for the Gateway + properties: + enabled: + description: Enabled or disabled + type: boolean + jdbcUrl: + description: JDBCUrl for the Gateway + type: string + liquibaseLogLevel: + description: LiquibaseLogLevel + type: string + password: + description: Password MySQL - can be set in management.secretName + type: string + username: + description: Username MySQL - can be set in management.secretName + type: string + type: object + disklessConfig: + properties: + csi: + description: CSI volume configuration + properties: + driver: + description: Driver is the secretstore csi driver + type: string + readOnly: + description: ReadOnly + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + type: object + disabled: + description: |- + The Container Gateway uses diskless config by default + Disabling it will swi + type: boolean + type: object + graphman: + description: Graphman is a GraphQL Gateway Management interface + that can be automaticall + properties: + dynamicSyncPort: + description: DynamicSyncPort is the Port the Gateway controller + uses to apply dynamic re + type: integer + enabled: + description: Enabled optionally bootstrap the GraphQL + Gateway Management Service + type: boolean + initContainerImage: + description: InitContainerImage is the image used to bootstrap + static repositories + type: string + initContainerImagePullPolicy: + description: InitContainerPullPolicy + type: string + initContainerSecurityContext: + description: ContainerSecurityContext + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain 
more + privilege + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options + to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + loaded on the node that should be used + type: string + type: + description: type indicates which kind of AppArmor + profile will be applied. + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running + containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. 
+ type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should b + type: string + type: + description: type indicates which kind of seccomp + profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' con + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. 
+ type: string + type: object + type: object + type: object + password: + description: Password is the Gateway Admin password + type: string + restman: + description: Restman is a Gateway Management interface that + can be automatically provisi + properties: + enabled: + description: Enabled optionally bootstrap the Restman + Gateway Managment API + type: boolean + type: object + secretName: + description: |- + SecretName is reference to an existing secret that contains + SSG_ADMIN_USERN + type: string + service: + description: Service is the Gateway Management Service + properties: + allocateLoadBalancerNodePorts: + type: boolean + annotations: + additionalProperties: + type: string + description: Annotations for the service + type: object + clusterIP: + type: string + clusterIPs: + items: + type: string + type: array + enabled: + description: Enabled or disabled + type: boolean + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + description: ServiceExternalTrafficPolicy describes how + nodes distribute service traffic + type: string + healthCheckNodePort: + format: int32 + type: integer + internalTrafficPolicy: + description: ServiceInternalTrafficPolicy describes how + nodes distribute service traffic + type: string + ipFamilies: + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). 
+ type: string + type: array + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by a Se + type: string + loadBalancerClass: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + description: |- + Ports exposed by the Service + These are appended to the Gateway deployment c + items: + description: Ports + properties: + name: + description: Name of the Port + type: string + nodePort: + format: int32 + type: integer + port: + description: Port number + format: int32 + type: integer + protocol: + description: Protocol + type: string + targetPort: + description: TargetPort on the Gateway Application + format: int32 + type: integer + type: object + type: array + sessionAffinity: + description: Session Affinity Type string + type: string + sessionAffinityConfig: + description: SessionAffinityConfig represents the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. 
+ format: int32 + type: integer + type: object + type: object + type: + description: Type ClusterIP, NodePort, LoadBalancer + type: string + type: object + username: + description: Username is the Gateway Admin username + type: string + required: + - cluster + type: object + nodeSelector: + additionalProperties: + type: string + type: object + otk: + properties: + database: + description: Database configuration + properties: + auth: + description: Auth for the OTK Database + properties: + admin: + description: AdminUser for database creation + properties: + password: + type: string + username: + type: string + type: object + existingSecret: + description: |- + ExistingSecret containing database credentials + The following keys can be se + type: string + gateway: + description: GatewayUser configured in the Gateway + OAuth Database Connection entity + properties: + password: + type: string + username: + type: string + type: object + readOnly: + description: ReadOnlyUser for Oracle/MySQL + properties: + password: + type: string + username: + type: string + type: object + type: object + cassandra: + description: Cassandra configuration + properties: + connectionPoints: + type: string + driverConfig: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + description: DriverConfig is supported from GW 11.x + type: object + keySpace: + type: string + port: + type: string + type: object + connectionName: + description: ConnectionName for the JDBC or Cassandra + Connection Gateway entity + type: string + create: + description: Create the OTK database. 
Only applies to + oracle and mysql + type: boolean + createReadOnlySqlConnection: + description: CreateReadOnlySqlConnection + type: boolean + properties: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + description: Properties + type: object + sql: + description: SQL configuration + properties: + connectionProperties: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + databaseName: + description: ConnectionName string `json:"connectionName,omitempty"` + type: string + databaseWaitTimeout: + description: DatabaseWaitTimeout applies to the db-initcontainer + only + type: integer + jdbcDriverClass: + description: |- + JDBCDriverClass to use in the Gateway JDBC Connection entity + defaults to co + type: string + jdbcUrl: + description: JDBCUrl for the OTK + type: string + manageSchema: + description: 'ManageSchema appends an additional initContainer + for the OTK that connects ' + type: boolean + type: object + sqlReadOnly: + description: SqlReadOnly configuration + properties: + connectionProperties: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + databaseName: + description: ConnectionName string `json:"connectionName,omitempty"` + type: string + databaseWaitTimeout: + description: DatabaseWaitTimeout applies to the db-initcontainer + only + type: integer + jdbcDriverClass: + description: |- + JDBCDriverClass to use in the Gateway JDBC Connection entity + defaults to co + type: string + jdbcUrl: + description: JDBCUrl for the OTK + type: string + manageSchema: + description: 'ManageSchema appends an additional initContainer + for the OTK that connects ' + type: boolean + type: object + sqlReadOnlyConnectionName: + description: SqlReadOnlyConnectionName for the JDBC or + Cassandra Connection Gateway enti + type: string + type: + description: Type of OTK Database + type: 
string + type: object + dmzGatewayReference: + description: OTKPort is used in Single mode - sets the otk. + type: string + enabled: + description: Enable or disable the OTK initContainer + type: boolean + initContainerImage: + description: InitContainerImage for the initContainer + type: string + initContainerImagePullPolicy: + description: InitContainerImagePullPolicy + type: string + initContainerSecurityContext: + description: InitContainerSecurityContext + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privilege + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options to + use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + loaded on the node that should be used + type: string + type: + description: type indicates which kind of AppArmor + profile will be applied. + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running + containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the + container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should b + type: string + type: + description: type indicates which kind of seccomp + profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to + all containers. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' con + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. 
+ type: string + type: object + type: object + internalGatewayPort: + description: InternalGatewayPort defaults to 9443 or graphmanDynamicSync + port + type: integer + internalGatewayReference: + description: 'InternalOtkGatewayReference to an Operator managed + Gateway deployment that ' + type: string + maintenanceTasks: + description: 'MaintenanceTasks for the OTK database - these + are run by calling a Gateway ' + properties: + enabled: + description: Enable or disable database maintenance tasks + type: boolean + operatorManaged: + description: OperatorManaged lets the Operator configure + a hardened version of the db-ma + type: boolean + periodSeconds: + description: Period in seconds between maintenance task + runs + format: int64 + type: integer + uri: + description: |- + Uri for custom db-maintenance services + Corresponding maintenance policy mus + type: string + type: object + overrides: + description: Overrides default OTK install functionality + properties: + bootstrapDirectory: + description: BootstrapDirectory that is used for the initContainer + the default is /opt/S + type: string + createTestClients: + description: CreateTestClients for mysql & oracle setup + test clients + type: boolean + enabled: + description: Enable or disable otk overrides + type: boolean + managePostInstallPolicies: + description: ManagePostInstallConfig represent post-installation + tasks required for inte + type: boolean + skipInternalServerTools: + description: |- + SkipInternalServerTools subSolutionKit install + defaults to false + type: boolean + skipPortalIntegrationComponents: + description: SkipPortalIntegrationComponents subSolutionKit + install. + type: boolean + testClientsRedirectUrlPrefix: + description: TestClientsRedirectUrlPrefix. Required if + createTestClients is true. 
+ type: string + type: object + port: + description: defaults to 8443 + type: integer + runtimeSyncIntervalSeconds: + description: RuntimeSyncIntervalSeconds how often OTK Gateways + should be updated in inte + type: integer + subSolutionKitNames: + description: A list of subSolutionKitNames - all,internal + or dmz cover the primary use c + items: + type: string + type: array + type: + description: Type of OTK installation single, internal or + dmz + type: string + type: object + pdb: + description: PodDisruptionBudgetSpec + properties: + enabled: + description: Enabled or disabled + type: boolean + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + podAnnotations: + additionalProperties: + type: string + description: PodAnnotations for Gateway Pods + type: object + podLabels: + additionalProperties: + type: string + description: PodLabels for the Gateway Deployment + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container + properties: + appArmorProfile: + description: appArmorProfile is the AppArmor options to use + by the containers in this po + properties: + localhostProfile: + description: localhostProfile indicates a profile loaded + on the node that should be used + type: string + type: + description: type indicates which kind of AppArmor profile + will be applied. + type: string + required: + - type + type: object + fsGroup: + description: A special supplemental group that applies to + all containers in a pod. + format: int64 + type: integer + fsGroupChangePolicy: + description: fsGroupChangePolicy defines behavior of changing + ownership and permission o + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should b + type: string + type: + description: type indicates which kind of seccomp profile + will be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in add + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: The Windows specific settings applied to all + containers. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github. 
+ type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' con + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. + type: string + type: object + type: object + portalReference: + description: PortalReference is for bulk syncing of Portal APIs + via initContainer (boots + properties: + enabled: + description: Enable or disable the Portal reference + type: boolean + initContainerImage: + description: InitContainerImage for the initContainer + type: string + initContainerImagePullPolicy: + description: InitContainerImagePullPolicy + type: string + initContainerSecurityContext: + description: InitContainerSecurityContext + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privilege + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options to + use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + loaded on the node that should be used + type: string + type: + description: type indicates which kind of AppArmor + profile will be applied. + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running + containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. 
+ type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the + container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should b + type: string + type: + description: type indicates which kind of seccomp + profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to + all containers. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. 
+ type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' con + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. + type: string + type: object + type: object + portalName: + description: PortalName of the existing L7Portal + type: string + type: object + preStopScript: + description: PreStopScript During upgrades and other events where + Gateway pods are repla + properties: + enabled: + description: Enabled or disabled + type: boolean + excludedPorts: + description: ExcludedPorts is an array of port numbers, if + not set the defaults are 8777 + items: + type: integer + type: array + periodSeconds: + description: PeriodSeconds between checks + type: integer + timeoutSeconds: + description: TimeoutSeconds is the total time this script + should run + type: integer + type: object + readinessProbe: + description: Probe describes a health check to be performed against + a container to deter + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after ha + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + description: | + Service is the name of the service to place in the gRPC HealthCheckRequest + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started + before liveness probes ar + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful aft + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully upon pro + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
+ format: int32 + type: integer + type: object + redis: + properties: + additionalConfigs: + items: + properties: + auth: + description: Auth if using sentinel or standalone (from + Gateway v11.1.00) + properties: + enabled: + description: Enable or disable Redis auth + type: boolean + passwordEncoded: + type: string + passwordPlaintext: + type: string + username: + type: string + type: object + commandTimeout: + description: CommandTimeout for Redis commands + type: integer + connectTimeout: + description: ConnectTimeout for Redis commands + type: integer + enabled: + description: Enable or disable a Redis integration + type: boolean + groupName: + description: GroupName that should be used when connecting + to Redis + type: string + name: + description: Name of the Redis connection, used for + additionalConfigs + type: string + sentinel: + description: Sentinel configuration + properties: + masterSet: + type: string + nodes: + items: + properties: + host: + type: string + port: + type: integer + type: object + type: array + type: object + ssl: + description: TLS configuration if using sentinel or + standalone (from Gateway v11.1.00) + properties: + crt: + description: Crt in plaintext + type: string + enabled: + description: If TLS is enabled on the Redis server + set this to true + type: boolean + existingSecretKey: + description: Change if using a different key. Defaults + to redis.crt + type: string + existingSecretName: + description: Reference an existing secret that contains + a key called redis. 
+ type: string + verifyPeer: + description: VerifyPeer + type: boolean + type: object + standalone: + description: Standalone configuration + properties: + host: + type: string + port: + type: integer + type: object + testOnStart: + description: TestOnStart test redis connection on gateway + start + type: boolean + type: + description: Redis Type + type: string + type: object + type: array + certs: + description: 'CertSecrets provides a way to mount secrets + that contains certificates for ' + items: + properties: + enabled: + description: Enable or disable an additional mount for + redis certificates + type: boolean + key: + description: Key must match the crt that is defined + in redis.existingSecret + type: string + secretName: + type: string + type: object + type: array + default: + properties: + auth: + description: Auth if using sentinel or standalone (from + Gateway v11.1.00) + properties: + enabled: + description: Enable or disable Redis auth + type: boolean + passwordEncoded: + type: string + passwordPlaintext: + type: string + username: + type: string + type: object + commandTimeout: + description: CommandTimeout for Redis commands + type: integer + connectTimeout: + description: ConnectTimeout for Redis commands + type: integer + enabled: + description: Enable or disable a Redis integration + type: boolean + groupName: + description: GroupName that should be used when connecting + to Redis + type: string + name: + description: Name of the Redis connection, used for additionalConfigs + type: string + sentinel: + description: Sentinel configuration + properties: + masterSet: + type: string + nodes: + items: + properties: + host: + type: string + port: + type: integer + type: object + type: array + type: object + ssl: + description: TLS configuration if using sentinel or standalone + (from Gateway v11.1.00) + properties: + crt: + description: Crt in plaintext + type: string + enabled: + description: If TLS is enabled on the Redis server + set this to true + 
type: boolean + existingSecretKey: + description: Change if using a different key. Defaults + to redis.crt + type: string + existingSecretName: + description: Reference an existing secret that contains + a key called redis. + type: string + verifyPeer: + description: VerifyPeer + type: boolean + type: object + standalone: + description: Standalone configuration + properties: + host: + type: string + port: + type: integer + type: object + testOnStart: + description: TestOnStart test redis connection on gateway + start + type: boolean + type: + description: Redis Type + type: string + type: object + enabled: + description: Enable or disable a Redis integration + type: boolean + existingSecret: + description: "ExistingSecret mounts an existing secret containing + redis configuration\nto " + type: string + type: object + replicas: + description: Replicas to deploy, overridden if autoscaling is + enabled + format: int32 + type: integer + repositoryReferences: + description: RepositorySyncIntervalSeconds is the period of time + between attempts to app + items: + description: 'RepositoryReference is reference to a Git repository + or HTTP endpoint that ' + properties: + directories: + description: "Directories from the remote repository to + sync with the Gateway\nLimited to " + items: + type: string + type: array + enabled: + description: Enabled or disabled + type: boolean + encryption: + description: 'BundleEncryption allows setting an encryption + passphrase per repository or ' + properties: + existingSecret: + description: ExistingSecret - reference to an existing + secret + type: string + key: + description: Key - the key in the kubernetes secret + that the encryption passphrase is st + type: string + passphrase: + description: Passphrase - bundle encryption passphrase + in plaintext + type: string + type: object + name: + description: Name of the existing repository + type: string + notification: + description: This is currently configured for Slack + properties: + 
channel: + properties: + webhook: + properties: + auth: + properties: + password: + type: string + token: + type: string + type: + type: string + username: + type: string + type: object + headers: + additionalProperties: + type: string + type: object + insecureSkipVerify: + type: boolean + url: + type: string + type: object + type: object + enabled: + type: boolean + name: + type: string + type: object + type: + description: |- + Type static or dynamic + static repositories are bootstrapped to the containe + type: string + required: + - enabled + type: object + type: array + resources: + description: PodResources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: ResourceList is a set of (resource name, quantity) + pairs. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: ResourceList is a set of (resource name, quantity) + pairs. 
+ type: object + type: object + restartOnConfigChange: + description: RestartOnConfigChange restarts the Gateway if the + default configmaps are up + type: boolean + service: + description: Service + properties: + allocateLoadBalancerNodePorts: + type: boolean + annotations: + additionalProperties: + type: string + description: Annotations for the service + type: object + clusterIP: + type: string + clusterIPs: + items: + type: string + type: array + enabled: + description: Enabled or disabled + type: boolean + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + description: ServiceExternalTrafficPolicy describes how nodes + distribute service traffic + type: string + healthCheckNodePort: + format: int32 + type: integer + internalTrafficPolicy: + description: ServiceInternalTrafficPolicy describes how nodes + distribute service traffic + type: string + ipFamilies: + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). + type: string + type: array + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by a Se + type: string + loadBalancerClass: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + description: |- + Ports exposed by the Service + These are appended to the Gateway deployment c + items: + description: Ports + properties: + name: + description: Name of the Port + type: string + nodePort: + format: int32 + type: integer + port: + description: Port number + format: int32 + type: integer + protocol: + description: Protocol + type: string + targetPort: + description: TargetPort on the Gateway Application + format: int32 + type: integer + type: object + type: array + sessionAffinity: + description: Session Affinity Type string + type: string + sessionAffinityConfig: + description: SessionAffinityConfig represents the configurations + of session affinity. 
+ properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. + format: int32 + type: integer + type: object + type: object + type: + description: Type ClusterIP, NodePort, LoadBalancer + type: string + type: object + serviceAccount: + description: ServiceAccount to use for the Gateway Deployment + properties: + create: + description: Create a service account for the Gateway Deployment + type: boolean + name: + description: Name of the service account + type: string + type: object + sidecars: + items: + description: A single application container that you want to + run within a pod. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined e + type: string + valueFrom: + description: Source for the environment variable's + value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: Name of the referent. 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1 + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (li + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: Name of the referent. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: List of sources to populate environment variables + in the container. 
+ items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: Name of the referent. + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: Name of the referent. + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take + in response to container lif + properties: + postStart: + description: PostStart is called immediately after a + container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: 'Sleep represents the duration that + the container should sleep before being ' + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + AP + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: 'Sleep represents the duration that + the container should sleep before being ' + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after ha + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: | + Service is the name of the service to place in the gRPC HealthCheckRequest + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has + started before liveness probes ar + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful aft + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon pro + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + items: + description: ContainerPort represents a network port in + a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after ha + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. 
Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: | + Service is the name of the service to place in the gRPC HealthCheckRequest + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has + started before liveness probes ar + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful aft + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon pro + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: Name of the resource to which this resource + resize policy applies. + type: string + restartPolicy: + description: Restart policy to apply when specified + resource is resized. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + properties: + claims: + description: Claims lists the names of resources, defined + in spec. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of + compute resources allowed. 
+ type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of + compute resources required. + type: object + type: object + restartPolicy: + description: RestartPolicy defines the restart behavior + of individual containers in a po + type: string + securityContext: + description: SecurityContext defines the security options + the container should be run wi + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privilege + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options + to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + loaded on the node that should be used + type: string + type: + description: type indicates which kind of AppArmor + profile will be applied. + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running + containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the + container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should b + type: string + type: + description: type indicates which kind of seccomp + profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to + all containers. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' con + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. 
+ properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working di + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after ha + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: | + Service is the name of the service to place in the gRPC HealthCheckRequest + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has + started before liveness probes ar + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. 
+ Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful aft + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon pro + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. + format: int32 + type: integer + type: object + stdin: + description: 'Whether this container should allocate a buffer + for stdin in the container ' + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has b + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination messa' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. + type: string + tty: + description: Whether this container should allocate a TTY + for itself, also requires 'std + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a raw + block device within a container. 
+ properties: + devicePath: + description: devicePath is the path inside of the + container that the device will be mapp + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the + volume should be mounted. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to cont + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recu + type: string + subPath: + description: Path within the volume from which the + container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + singletonExtraction: + description: SingletonExtraction works with the Gateway in Ephemeral + mode. 
+ type: boolean + system: + description: System + properties: + properties: + description: Properties for the Gateway + type: string + type: object + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds is the time kubernetes + will wait for the Gate + format: int64 + type: integer + tolerations: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the + properties: + effect: + description: Effect indicates the taint effect to match. + type: string + key: + description: Key is the taint key that the toleration applies + to. + type: string + operator: + description: Operator represents a key's relationship to + the value. + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of + time the toleration (which must ' + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the gi + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. + items: + description: A label selector requirement is a selector + that contains values, a key, and + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spr + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: MaxSkew describes the degree to which pods + may be unevenly distributed. + format: int32 + type: integer + minDomains: + description: MinDomains indicates a minimum number of eligible + domains. + format: int32 + type: integer + nodeAffinityPolicy: + description: NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelec + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + p + type: string + topologyKey: + description: TopologyKey is the key of node labels. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + th + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy for the Gateway Deployment + properties: + rollingUpdate: + description: Spec to control the desired behavior of rolling + update. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: The maximum number of pods that can be scheduled + above the desired number o + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: The maximum number of pods that can be unavailable + during the update. 
+ x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + type: object + license: + description: License for the Major version of Gateway + properties: + accept: + type: boolean + secretName: + description: |- + SecretName is the Kubernetes Secret that contains the Gateway license + There + type: string + required: + - accept + - secretName + type: object + version: + description: Version references the Gateway release that this Operator + is intended to be + type: string + required: + - app + - license + type: object + status: + description: GatewayStatus defines the observed state of Gateways + properties: + PortalSyncStatus: + description: PortalSyncStatus tracks the status of which portals are + synced with a gatew + properties: + apiCount: + description: ApiCount is number of APIs that are related to the + Referenced Portal + type: integer + lastUpdated: + description: LastUpdated is the last time this status was updated + type: string + name: + description: Name of the L7Portal + type: string + type: object + conditions: + description: Conditions store the status conditions of Gateway instances + items: + description: DeploymentCondition describes the state of a deployment + at a certain point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of deployment condition. 
+ type: string + required: + - status + - type + type: object + type: array + gateway: + items: + description: GatewayState tracks the status of Gateway Resources + properties: + name: + description: Name of the Gateway Pod + type: string + phase: + description: PodPhase is a label for the condition of a pod + at the current time. + type: string + ready: + description: Ready is the state of the Gateway pod + type: boolean + startTime: + description: StartTime is when the Gateway pod was started + type: string + required: + - ready + type: object + type: array + host: + description: Host is the Gateway Cluster Hostname + type: string + image: + description: Image of the Gateway + type: string + lastAppliedClusterProperties: + description: LastAppliedClusterProperties + items: + type: string + type: array + lastAppliedExternalCerts: + additionalProperties: + items: + type: string + type: array + description: LastAppliedExternalCerts + type: object + lastAppliedExternalKeys: + description: LastAppliedExternalKeys + items: + type: string + type: array + lastAppliedExternalSecrets: + additionalProperties: + items: + type: string + type: array + description: LastAppliedExternalSecrets + type: object + lastAppliedListenPorts: + description: LastAppliedClusterProperties + items: + type: string + type: array + managementPod: + description: Management Pod is a Gateway with a special annotation + is used as a selector + type: string + phase: + description: PodPhase is a label for the condition of a pod at the + current time. 
+ type: string + ready: + format: int32 + type: integer + replicas: + description: Replicas is the number of Gateway Pods + format: int32 + type: integer + repositoryStatus: + items: + description: GatewayRepositoryStatus tracks the status of which + Graphman repositories ha + properties: + branch: + description: Branch of the Git repo + type: string + commit: + description: Commit is the last commit that was applied + type: string + enabled: + description: Enabled shows whether or not this repository reference + is enabled + type: boolean + endpoint: + description: Endoint is the Git repo + type: string + name: + description: Name of the Repository Reference + type: string + remoteName: + description: RemoteName + type: string + secretName: + description: SecretName is used to mount the correct repository + secret to the initContai + type: string + storageSecretName: + description: StorageSecretName is used to mount existing repository + bundles to the initC + type: string + tag: + description: Tag is the git tag in the Git repo + type: string + type: + description: Type is static or dynamic + type: string + required: + - enabled + type: object + type: array + state: + description: PodConditionType is a valid value for PodCondition.Type + type: string + version: + description: Version of the Gateway + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_l7apis.yaml b/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_l7apis.yaml new file mode 100644 index 00000000000..6367de26e91 --- /dev/null +++ b/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_l7apis.yaml 
@@ -0,0 +1,158 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: layer7-operator-system/layer7-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: l7apis.security.brcmlabs.com +spec: + group: security.brcmlabs.com + names: + kind: L7Api + listKind: L7ApiList + plural: l7apis + singular: l7api + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: L7Api is the Schema for the l7apis API + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object + type: string + kind: + description: Kind is a string value representing the REST resource this + object represent + type: string + metadata: + type: object + spec: + description: L7ApiSpec defines the desired state of L7Api + properties: + deploymentTags: + description: DeploymentTags target Gateway deployments that this API + should be published + items: + type: string + type: array + graphmanBundle: + description: |- + GraphmanBundle associated with this API + currently limited to Service and Fr + type: string + l7Portal: + description: L7Portal is the L7Portal that this API is associated + with when Portal Publi + type: string + portalMeta: + description: PortalMeta is reserved for the API Developer Portal + properties: + apiId: + type: string + apiUuid: + type: string + checksum: + type: string + createTs: + type: integer + customFieldValues: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + enabled: + type: boolean + locationUrl: + type: string + modifyTs: + type: integer + name: + type: string + policyEntities: + items: + properties: + policyEntityUuid: + type: string + policyTemplateArguments: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: 
object + type: array + required: + - policyEntityUuid + - policyTemplateArguments + type: object + type: array + publishedTs: + type: integer + serviceId: + type: string + ssgServiceType: + type: string + ssgUrl: + type: string + ssgUrlEncoded: + type: string + tenantId: + type: string + type: object + portalPublished: + description: PortalPublished + type: boolean + serviceUrl: + description: ServiceUrl on the API Gateway + type: string + type: object + status: + description: L7ApiStatus defines the observed state of L7Api + properties: + checksum: + type: string + gateways: + items: + properties: + checksum: + type: string + deployment: + description: Phase corev1. + type: string + lastUpdated: + description: Ready bool `json:"ready,omitempty"` + type: string + name: + type: string + type: object + type: array + ready: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_l7portals.yaml b/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_l7portals.yaml new file mode 100644 index 00000000000..163e0fb39be --- /dev/null +++ b/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_l7portals.yaml 
@@ -0,0 +1,133 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: layer7-operator-system/layer7-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: l7portals.security.brcmlabs.com +spec: + group: security.brcmlabs.com + names: + kind: L7Portal + listKind: L7PortalList + plural: l7portals + singular: l7portal + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: L7Portal is the Schema for the l7portals API + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object + type: string + kind: + description: Kind is a string value representing the REST resource this + object represent + type: string + metadata: + type: object + spec: + description: L7PortalSpec defines the desired state of L7Portal + properties: + auth: + description: Auth - Portal credentials + properties: + clientId: + type: string + clientSecret: + type: string + endpoint: + type: string + existingSecretName: + type: string + type: object + deploymentTags: + description: Deployment Tags - determines which Gateway deployments + these APIs will be a + items: + type: string + type: array + enabled: + description: Enabled - if enabled this Portal and its APIs will be + synced + type: boolean + endpoint: + description: Endoint - Portal endpoint + type: string + enrollmentBundle: + description: EnrollmentBundle - allows a custom enrollment bundle + to be set in the Porta + type: string + labels: + additionalProperties: + type: string + description: Labels - Custom Labels + type: object + portalTenant: + description: PortalTenant is the tenantId of the API Developer Portal + type: string + syncIntervalSeconds: + description: SyncIntervalSeconds how often the Portal CR is reconciled. 
+ type: integer + type: object + status: + description: L7PortalStatus defines the observed state of L7Portal + properties: + apiCount: + type: integer + apiSummaryConfigMap: + type: string + checksum: + type: string + enrollmentBundle: + description: EnrollmentBundle + properties: + lastUpdated: + type: string + secretName: + type: string + type: object + lastUpdated: + format: int64 + type: integer + proxies: + items: + description: GatewayProxy + properties: + gateways: + items: + properties: + lastUpdated: + type: string + name: + type: string + synchronised: + type: boolean + type: object + type: array + name: + type: string + type: + description: Type - Ephemeral or DbBacked + type: string + type: object + type: array + ready: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_repositories.yaml b/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_repositories.yaml new file mode 100644 index 00000000000..40f51e640d2 --- /dev/null +++ b/operators/layer7-operator/1.1.0/manifests/security.brcmlabs.com_repositories.yaml 
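Review bot: `spec.auth.clientSecret` in the L7Portal schema is a plain `type: string` with no description, so a Portal credential supplied this way is stored in the custom resource itself. It is then readable by any subject with get/list on `l7portals` and is not covered by the RBAC rules written for Secrets. The Repository CRD in the next hunk has the same pattern in `auth.password`, `auth.token`, `auth.sshKey` and `auth.sshKeyPass`. Both schemas already offer `existingSecretName`, so I would document the inline fields as discouraged, for example `description: ClientSecret - stored in the CR in clear text; prefer existingSecretName`, and consider deprecating them. The `controller-gen.kubebuilder.io/version` annotation suggests these files are generated, so the wording presumably belongs in the Go type comments rather than in this manifest.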
@@ -0,0 +1,165 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: layer7-operator-system/layer7-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: repositories.security.brcmlabs.com +spec: + group: security.brcmlabs.com + names: + kind: Repository + listKind: RepositoryList + plural: repositories + shortNames: + - repo + - repos + - l7repo + - l7repos + - l7repository + - l7repositories + singular: repository + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Repository is the Schema for the repositories API + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object + type: string + kind: + description: Kind is a string value representing the REST resource this + object represent + type: string + metadata: + type: object + spec: + description: Spec - Repository Spec + properties: + annotations: + additionalProperties: + type: string + description: Annotations - Custom Annotations + type: object + auth: + description: Auth contains a reference to the credentials required + to connect to your Gi + properties: + existingSecretName: + description: ExistingSecretName reference an existing secret + type: string + knownHosts: + description: KnownHosts is required for SSH Auth + type: string + password: + description: |- + Password repository Password + password or token are acceptable + type: string + sshKey: + description: SSHKey for Git SSH Authentication + type: string + sshKeyPass: + description: SSHKeyPass + type: string + token: + description: Token repository Access Token + type: string + type: + description: |- + Auth Type defaults to basic, possible options are + none, basic or ssh + type: string + username: + description: Username repository username + type: string + vendor: + description: Vendor i.e. 
Github, Gitlab, BitBucket + type: string + type: object + branch: + description: |- + Branch - specify which branch to clone + if branch and tag are both specified + type: string + enabled: + description: Enabled - if enabled this repository will be synced + type: boolean + endpoint: + description: Endoint - Git repository endpoint + type: string + labels: + additionalProperties: + type: string + description: Labels - Custom Labels + type: object + localReference: + description: LocalReference lets the Repository controller use a local + Kubernetes Secret + properties: + secretName: + type: string + type: object + remoteName: + description: Remote Name - defaults to "origin" + type: string + sync: + description: RepositorySyncConfig defines how often this repository + is synced + properties: + interval: + description: Configure how frequently the remote is checked for + new commits + type: integer + type: object + tag: + description: Tag - clone a specific tag. + type: string + type: + description: Type of Repository - Git, HTTP, Local + type: string + type: object + status: + description: Status - Repository Status + properties: + commit: + description: Commit is either current git commit that has been synced + or a sha1sum of th + type: string + lastAppliedSummary: + type: string + name: + description: Name of the Repository + type: string + ready: + description: Ready to apply to Gateway Deployments + type: boolean + storageSecretName: + description: StorageSecretName is the Kubernetes Secret that this + repository is stored i + type: string + summary: + type: string + updated: + description: Updated the last time this repository was successfully + updated + type: string + vendor: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/layer7-operator/1.1.0/metadata/annotations.yaml b/operators/layer7-operator/1.1.0/metadata/annotations.yaml new file mode 100644 index 00000000000..3f489d94a73 --- /dev/null +++ b/operators/layer7-operator/1.1.0/metadata/annotations.yaml @@ -0,0 +1,14 @@ +--- +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: layer7-operator + operators.operatorframework.io.bundle.channels.v1: preview + operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/layer7-operator/1.1.0/tests/scorecard/config.yaml b/operators/layer7-operator/1.1.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..0266180c079 --- /dev/null +++ b/operators/layer7-operator/1.1.0/tests/scorecard/config.yaml 
@@ -0,0 +1,71 @@ +--- +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.33.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}
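Review bot: All six scorecard tests reference `quay.io/operator-framework/scorecard-test:v1.33.0` by tag only, and a tag can be re-pointed at a different image after this bundle is merged. Pinning by digest keeps the test image reproducible, e.g. `image: quay.io/operator-framework/scorecard-test:v1.33.0@sha256:<digest-placeholder>`, with the digest taken from the registry at review time. The tag also differs from the `operator-sdk-v1.34.1` builder recorded in metadata/annotations.yaml, so it is worth confirming that v1.33.0 is the intended scorecard version.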