Skip to content

Commit

Permalink
operator sailoperator (0.1.0-nightly-2024-08-06) (#4910)
Browse files Browse the repository at this point in the history
Signed-off-by: Jonh Wendell <[email protected]>
Co-authored-by: Jonh Wendell <[email protected]>
  • Loading branch information
openshift-service-mesh-bot and jwendell authored Aug 6, 2024
1 parent 6cb22ff commit e0aa0c9
Show file tree
Hide file tree
Showing 23 changed files with 33,464 additions and 0 deletions.
465 changes: 465 additions & 0 deletions operators/sailoperator/0.1.0-nightly-2024-08-06/README.md

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1,298 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/resource-policy: keep
creationTimestamp: null
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: wasmplugins.extensions.istio.io
spec:
group: extensions.istio.io
names:
categories:
- istio-io
- extensions-istio-io
kind: WasmPlugin
listKind: WasmPluginList
plural: wasmplugins
singular: wasmplugin
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: 'CreationTimestamp is a timestamp representing the server time
when this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
properties:
spec:
description: 'Extend the functionality provided by the Istio proxy through
WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html'
properties:
failStrategy:
description: |-
Specifies the failure behavior for the plugin due to fatal errors.
Valid Options: FAIL_CLOSE, FAIL_OPEN
enum:
- FAIL_CLOSE
- FAIL_OPEN
type: string
imagePullPolicy:
description: |-
The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`.
Valid Options: IfNotPresent, Always
enum:
- UNSPECIFIED_POLICY
- IfNotPresent
- Always
type: string
imagePullSecret:
description: Credentials to use for OCI image pulling.
maxLength: 253
minLength: 1
type: string
match:
description: Specifies the criteria to determine which traffic is
passed to WasmPlugin.
items:
properties:
mode:
description: |-
Criteria for selecting traffic by their direction.
Valid Options: CLIENT, SERVER, CLIENT_AND_SERVER
enum:
- UNDEFINED
- CLIENT
- SERVER
- CLIENT_AND_SERVER
type: string
ports:
description: Criteria for selecting traffic by their destination
port.
items:
properties:
number:
maximum: 65535
minimum: 1
type: integer
required:
- number
type: object
type: array
x-kubernetes-list-map-keys:
- number
x-kubernetes-list-type: map
type: object
type: array
phase:
description: |-
Determines where in the filter chain this `WasmPlugin` is to be injected.
Valid Options: AUTHN, AUTHZ, STATS
enum:
- UNSPECIFIED_PHASE
- AUTHN
- AUTHZ
- STATS
type: string
pluginConfig:
description: The configuration that will be passed on to the plugin.
type: object
x-kubernetes-preserve-unknown-fields: true
pluginName:
description: The plugin name to be used in the Envoy configuration
(used to be called `rootID`).
maxLength: 256
minLength: 1
type: string
priority:
description: Determines ordering of `WasmPlugins` in the same `phase`.
format: int32
nullable: true
type: integer
selector:
description: Criteria used to select the specific set of pods/VMs
on which this plugin configuration should be applied.
properties:
matchLabels:
additionalProperties:
maxLength: 63
type: string
x-kubernetes-validations:
- message: wildcard not allowed in label value match
rule: '!self.contains(''*'')'
description: One or more labels that indicate a specific set of
pods/VMs on which a policy should be applied.
maxProperties: 4096
type: object
x-kubernetes-validations:
- message: wildcard not allowed in label key match
rule: self.all(key, !key.contains('*'))
- message: key must not be empty
rule: self.all(key, key.size() != 0)
type: object
sha256:
description: SHA256 checksum that will be used to verify Wasm module
or OCI container.
pattern: (^$|^[a-f0-9]{64}$)
type: string
targetRef:
properties:
group:
description: group is the group of the target resource.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: kind is kind of the target resource.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: name is the name of the target resource.
maxLength: 253
minLength: 1
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
x-kubernetes-validations:
- message: cross namespace referencing is not currently supported
rule: self.size() == 0
required:
- kind
- name
type: object
x-kubernetes-validations:
- message: Support kinds are core/Service and gateway.networking.k8s.io/Gateway
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''],
[''gateway.networking.k8s.io'',''Gateway'']]'
targetRefs:
description: Optional.
items:
properties:
group:
description: group is the group of the target resource.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: kind is kind of the target resource.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: name is the name of the target resource.
maxLength: 253
minLength: 1
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
x-kubernetes-validations:
- message: cross namespace referencing is not currently supported
rule: self.size() == 0
required:
- kind
- name
type: object
x-kubernetes-validations:
- message: Support kinds are core/Service and gateway.networking.k8s.io/Gateway
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''],
[''gateway.networking.k8s.io'',''Gateway'']]'
type: array
type:
description: |-
Specifies the type of Wasm Extension to be used.
Valid Options: HTTP, NETWORK
enum:
- UNSPECIFIED_PLUGIN_TYPE
- HTTP
- NETWORK
type: string
url:
description: URL of a Wasm module or OCI container.
minLength: 1
type: string
x-kubernetes-validations:
- message: url must have schema one of [http, https, file, oci]
rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'',
''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) &&
url(''http://'' +self).getScheme() in ['''', ''http'', ''https'',
''oci'', ''file''])'
verificationKey:
type: string
vmConfig:
description: Configuration for a Wasm VM.
properties:
env:
description: Specifies environment variables to be injected to
this VM.
items:
properties:
name:
description: Name of the environment variable.
maxLength: 256
minLength: 1
type: string
value:
description: Value for the environment variable.
maxLength: 2048
type: string
valueFrom:
description: |-
Source for the environment variable's value.
Valid Options: INLINE, HOST
enum:
- INLINE
- HOST
type: string
required:
- name
type: object
x-kubernetes-validations:
- message: value may only be set when valueFrom is INLINE
rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST''
|| !has(self.value)'
maxItems: 256
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
required:
- url
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: kube-rbac-proxy
app.kubernetes.io/created-by: sailoperator
app.kubernetes.io/instance: metrics-reader
app.kubernetes.io/managed-by: helm
app.kubernetes.io/name: clusterrole
app.kubernetes.io/part-of: sailoperator
name: metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
Loading

0 comments on commit e0aa0c9

Please sign in to comment.