-
Notifications
You must be signed in to change notification settings - Fork 538
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
operator sailoperator (0.1.0-nightly-2024-08-06) (#4910)
Signed-off-by: Jonh Wendell <[email protected]> Co-authored-by: Jonh Wendell <[email protected]>
- Loading branch information
1 parent
6cb22ff
commit e0aa0c9
Showing
23 changed files
with
33,464 additions
and
0 deletions.
There are no files selected for viewing
465 changes: 465 additions & 0 deletions
465
operators/sailoperator/0.1.0-nightly-2024-08-06/README.md
Large diffs are not rendered by default.
Oops, something went wrong.
298 changes: 298 additions & 0 deletions
298
...tors/sailoperator/0.1.0-nightly-2024-08-06/manifests/extensions.istio.io_wasmplugins.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,298 @@ | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
helm.sh/resource-policy: keep | ||
creationTimestamp: null | ||
labels: | ||
app: istio-pilot | ||
chart: istio | ||
heritage: Tiller | ||
release: istio | ||
name: wasmplugins.extensions.istio.io | ||
spec: | ||
group: extensions.istio.io | ||
names: | ||
categories: | ||
- istio-io | ||
- extensions-istio-io | ||
kind: WasmPlugin | ||
listKind: WasmPluginList | ||
plural: wasmplugins | ||
singular: wasmplugin | ||
scope: Namespaced | ||
versions: | ||
- additionalPrinterColumns: | ||
- description: 'CreationTimestamp is a timestamp representing the server time | ||
when this object was created. It is not guaranteed to be set in happens-before | ||
order across separate operations. Clients may not set this value. It is represented | ||
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for | ||
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' | ||
jsonPath: .metadata.creationTimestamp | ||
name: Age | ||
type: date | ||
name: v1alpha1 | ||
schema: | ||
openAPIV3Schema: | ||
properties: | ||
spec: | ||
description: 'Extend the functionality provided by the Istio proxy through | ||
WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html' | ||
properties: | ||
failStrategy: | ||
description: |- | ||
Specifies the failure behavior for the plugin due to fatal errors. | ||
Valid Options: FAIL_CLOSE, FAIL_OPEN | ||
enum: | ||
- FAIL_CLOSE | ||
- FAIL_OPEN | ||
type: string | ||
imagePullPolicy: | ||
description: |- | ||
The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`. | ||
Valid Options: IfNotPresent, Always | ||
enum: | ||
- UNSPECIFIED_POLICY | ||
- IfNotPresent | ||
- Always | ||
type: string | ||
imagePullSecret: | ||
description: Credentials to use for OCI image pulling. | ||
maxLength: 253 | ||
minLength: 1 | ||
type: string | ||
match: | ||
description: Specifies the criteria to determine which traffic is | ||
passed to WasmPlugin. | ||
items: | ||
properties: | ||
mode: | ||
description: |- | ||
Criteria for selecting traffic by their direction. | ||
Valid Options: CLIENT, SERVER, CLIENT_AND_SERVER | ||
enum: | ||
- UNDEFINED | ||
- CLIENT | ||
- SERVER | ||
- CLIENT_AND_SERVER | ||
type: string | ||
ports: | ||
description: Criteria for selecting traffic by their destination | ||
port. | ||
items: | ||
properties: | ||
number: | ||
maximum: 65535 | ||
minimum: 1 | ||
type: integer | ||
required: | ||
- number | ||
type: object | ||
type: array | ||
x-kubernetes-list-map-keys: | ||
- number | ||
x-kubernetes-list-type: map | ||
type: object | ||
type: array | ||
phase: | ||
description: |- | ||
Determines where in the filter chain this `WasmPlugin` is to be injected. | ||
Valid Options: AUTHN, AUTHZ, STATS | ||
enum: | ||
- UNSPECIFIED_PHASE | ||
- AUTHN | ||
- AUTHZ | ||
- STATS | ||
type: string | ||
pluginConfig: | ||
description: The configuration that will be passed on to the plugin. | ||
type: object | ||
x-kubernetes-preserve-unknown-fields: true | ||
pluginName: | ||
description: The plugin name to be used in the Envoy configuration | ||
(used to be called `rootID`). | ||
maxLength: 256 | ||
minLength: 1 | ||
type: string | ||
priority: | ||
description: Determines ordering of `WasmPlugins` in the same `phase`. | ||
format: int32 | ||
nullable: true | ||
type: integer | ||
selector: | ||
description: Criteria used to select the specific set of pods/VMs | ||
on which this plugin configuration should be applied. | ||
properties: | ||
matchLabels: | ||
additionalProperties: | ||
maxLength: 63 | ||
type: string | ||
x-kubernetes-validations: | ||
- message: wildcard not allowed in label value match | ||
rule: '!self.contains(''*'')' | ||
description: One or more labels that indicate a specific set of | ||
pods/VMs on which a policy should be applied. | ||
maxProperties: 4096 | ||
type: object | ||
x-kubernetes-validations: | ||
- message: wildcard not allowed in label key match | ||
rule: self.all(key, !key.contains('*')) | ||
- message: key must not be empty | ||
rule: self.all(key, key.size() != 0) | ||
type: object | ||
sha256: | ||
description: SHA256 checksum that will be used to verify Wasm module | ||
or OCI container. | ||
pattern: (^$|^[a-f0-9]{64}$) | ||
type: string | ||
targetRef: | ||
properties: | ||
group: | ||
description: group is the group of the target resource. | ||
maxLength: 253 | ||
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ | ||
type: string | ||
kind: | ||
description: kind is kind of the target resource. | ||
maxLength: 63 | ||
minLength: 1 | ||
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ | ||
type: string | ||
name: | ||
description: name is the name of the target resource. | ||
maxLength: 253 | ||
minLength: 1 | ||
type: string | ||
namespace: | ||
description: namespace is the namespace of the referent. | ||
type: string | ||
x-kubernetes-validations: | ||
- message: cross namespace referencing is not currently supported | ||
rule: self.size() == 0 | ||
required: | ||
- kind | ||
- name | ||
type: object | ||
x-kubernetes-validations: | ||
- message: Support kinds are core/Service and gateway.networking.k8s.io/Gateway | ||
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], | ||
[''gateway.networking.k8s.io'',''Gateway'']]' | ||
targetRefs: | ||
description: Optional. | ||
items: | ||
properties: | ||
group: | ||
description: group is the group of the target resource. | ||
maxLength: 253 | ||
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ | ||
type: string | ||
kind: | ||
description: kind is kind of the target resource. | ||
maxLength: 63 | ||
minLength: 1 | ||
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ | ||
type: string | ||
name: | ||
description: name is the name of the target resource. | ||
maxLength: 253 | ||
minLength: 1 | ||
type: string | ||
namespace: | ||
description: namespace is the namespace of the referent. | ||
type: string | ||
x-kubernetes-validations: | ||
- message: cross namespace referencing is not currently supported | ||
rule: self.size() == 0 | ||
required: | ||
- kind | ||
- name | ||
type: object | ||
x-kubernetes-validations: | ||
- message: Support kinds are core/Service and gateway.networking.k8s.io/Gateway | ||
rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], | ||
[''gateway.networking.k8s.io'',''Gateway'']]' | ||
type: array | ||
type: | ||
description: |- | ||
Specifies the type of Wasm Extension to be used. | ||
Valid Options: HTTP, NETWORK | ||
enum: | ||
- UNSPECIFIED_PLUGIN_TYPE | ||
- HTTP | ||
- NETWORK | ||
type: string | ||
url: | ||
description: URL of a Wasm module or OCI container. | ||
minLength: 1 | ||
type: string | ||
x-kubernetes-validations: | ||
- message: url must have schema one of [http, https, file, oci] | ||
rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'', | ||
''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) && | ||
url(''http://'' +self).getScheme() in ['''', ''http'', ''https'', | ||
''oci'', ''file''])' | ||
verificationKey: | ||
type: string | ||
vmConfig: | ||
description: Configuration for a Wasm VM. | ||
properties: | ||
env: | ||
description: Specifies environment variables to be injected to | ||
this VM. | ||
items: | ||
properties: | ||
name: | ||
description: Name of the environment variable. | ||
maxLength: 256 | ||
minLength: 1 | ||
type: string | ||
value: | ||
description: Value for the environment variable. | ||
maxLength: 2048 | ||
type: string | ||
valueFrom: | ||
description: |- | ||
Source for the environment variable's value. | ||
Valid Options: INLINE, HOST | ||
enum: | ||
- INLINE | ||
- HOST | ||
type: string | ||
required: | ||
- name | ||
type: object | ||
x-kubernetes-validations: | ||
- message: value may only be set when valueFrom is INLINE | ||
rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST'' | ||
|| !has(self.value)' | ||
maxItems: 256 | ||
type: array | ||
x-kubernetes-list-map-keys: | ||
- name | ||
x-kubernetes-list-type: map | ||
type: object | ||
required: | ||
- url | ||
type: object | ||
status: | ||
type: object | ||
x-kubernetes-preserve-unknown-fields: true | ||
required: | ||
- spec | ||
type: object | ||
served: true | ||
storage: true | ||
subresources: | ||
status: {} | ||
status: | ||
acceptedNames: | ||
kind: "" | ||
plural: "" | ||
conditions: null | ||
storedVersions: null |
17 changes: 17 additions & 0 deletions
17
...nightly-2024-08-06/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/component: kube-rbac-proxy | ||
app.kubernetes.io/created-by: sailoperator | ||
app.kubernetes.io/instance: metrics-reader | ||
app.kubernetes.io/managed-by: helm | ||
app.kubernetes.io/name: clusterrole | ||
app.kubernetes.io/part-of: sailoperator | ||
name: metrics-reader | ||
rules: | ||
- nonResourceURLs: | ||
- /metrics | ||
verbs: | ||
- get |
Oops, something went wrong.