
16 Commits

Author SHA1 Message Date
unkinben 568f48098e deploy encapi to au-syd1
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
encapi is the new Postgres-backed Puppet ENC replacing Cobbler. Stand it up in
k8s alongside artifactapi so the puppet masters (via encapi-cli classify) and
the enc_direct_facts fact can reach it at encapi.k8s.syd1.au.unkin.net.

- add apps/base/encapi: namespace, deployment (git.unkin.net/unkin/encapi), service,
  gateway + httproute (encapi.k8s.syd1.au.unkin.net), configmap, CNPG cluster +
  pooler (db encapi), VaultAuth + VaultStaticSecrets (postgres-credentials, environment)
- add apps/overlays/au-syd1/encapi overlay
- register apps/overlays/*/encapi in the platform ApplicationSet

Note: the Vault KV secrets kv/kubernetes/namespace/encapi/default/{postgres-credentials,
environment} must be seeded before first sync; 'environment' carries DBPASS (matching
the CNPG owner password) and ENCAPI_WRITE_TOKEN.
2026-07-04 23:25:25 +10:00
unkinben 3ab8bcc34b Restrict authoritative queries to internal networks (#227)
Mirrors the puppet authoritative `master-zones` view (match-clients `acl-main.unkin.net`, recursion no) — restricting who can query bind-authoritative.

## Changes
- add `auth-acl-main` BindACL with the puppet authoritative acl-main.unkin.net networks (13-17,19,20,24-29)
- `allow-query { auth-acl-main; 10.42.0.0/16; }` on bind-authoritative via extraOptions

## Notes
- Implemented as a global `allow-query` rather than a BindView: dynamic *primary* zones inside a view would need per-view `allow-new-zones` (an operator gap). Functionally equivalent for the single master-zones view.
- `10.42.0.0/16` (pod network) is included so secondaries can SOA-refresh from the primary during catalog replication — without it, replication breaks.
- Works on the current operator (no HOLD).

## Caveat
The DNS Services use externalTrafficPolicy: Cluster, which SNATs external clients to node IPs (198.18.19.x, already in acl-main), so this ACL doesn't truly restrict *external* clients yet. True source-IP restriction needs externalTrafficPolicy: Local — happy to switch if wanted.

Reviewed-on: #227
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-04 22:15:43 +10:00
unkinben c8d61205ce Configure resolvers like puppet (openforwarder view + forward zones) (#226)
## Why
`dig google.com @198.18.200.7` was refused: the resolver never set allow-recursion, so BIND defaulted to localnets/localhost. This mirrors the puppet resolver (/etc/named/views.conf + acls.conf) exactly.

## Changes
- `openforwarder` BindView: `match-clients` = the 4 internal ACLs, recursion yes, allow-recursion/allow-query `any` (match-clients gates)
- 4 BindACLs from puppet acls.conf (acl-main.unkin.net/acl-dmz/acl-common/acl-nomad-jobs)
- 26 conditional forward zones in the view (unkin→198.18.19.15, consul→.14, k8s→.20, dmz/network/prod + 10.10.x reverse → 10.10.16.32/33)
- global forwarders 8.8.8.8/1.1.1.1
- operator image → v0.1.4

## Note
Forward-zone upstreams point at the **puppet anycast** servers (still authoritative during migration); flip to the in-cluster authoritative/externaldns LBs once zone data is migrated.

## Validated
kustomize build (59 docs), kubeconform clean.

Reviewed-on: #226
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-04 21:55:33 +10:00
unkinben ce8ebc71ce Consolidate BIND DNS into one bind-internal namespace (#225)
**HOLD until v0.1.3 is tagged/built** (operator #4 merged + tagged) — this PR bumps the operator to v0.1.3, whose CRD adds the `clusterRef` field these keys use.

## Why
Put all BIND DNS services in one `bind-internal` namespace and name the StatefulSets clearly.

## Changes
- 3 clusters consolidated into `bind-internal`, StatefulSets renamed **bind-authoritative** / **bind-resolvers** / **bind-externaldns**; LBs kept on 198.18.200.6/.7/.8; external-dns hostnames renamed to match
- `clusterRef` added to `transfer-key` (→ bind-authoritative) and `externaldns-key` (→ bind-externaldns) so keys are scoped per cluster
- removed the old `ns-auth`/`ns-resolver`/`ns-externaldns` apps; ApplicationSet + AppProject now list `bind-internal`
- bumped `bind-system` operator to **v0.1.3** (CRD link + image)
- operator stays in `bind-system`

## Deploy impact
ArgoCD prunes the old ns-* namespaces (StatefulSets/PVCs — data is only seed SOA+NS, no migrated records yet) and creates the renamed clusters in bind-internal.

## Validated
`kustomize build` → 28 docs (3 BindCluster, 20 BindZone, 2 catalog, 2 keys, ns); kubeconform clean.

Reviewed-on: #225
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-04 00:35:43 +10:00
unkinben 7c9a697452 Deploy binddns-externaldns (RFC2136 dynamic cluster) (#222)
Part of the bind rollout split. **Merge #219 (bind-operator) first** — stacked on it; diff reduces to the binddns-externaldns files once #219 merges.

## Why
The external-dns tier (replaces 3x Puppet external-dns servers): an authoritative cluster whose zones accept RFC2136 TSIG updates from external-dns.

## Changes
- `apps/base/binddns-externaldns`: authoritative `BindCluster` (3 replicas, LoadBalancer/PureLB), `BindTSIGKey` for RFC2136, namespace
- au-syd1 `binddns-externaldns` overlay

## Deploy impact
Creates the `binddns-externaldns` StatefulSet + LoadBalancer once merged.

Reviewed-on: #222
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 23:09:36 +10:00
unkinben 6affc5d8f4 Deploy binddns-resolver (recursive resolver cluster) (#221)
Part of the bind rollout split. **Merge #219 (bind-operator) first** — stacked on it; diff reduces to the binddns-resolver files once #219 merges.

## Why
The recursive-resolver tier (replaces 3x Puppet only-resolver servers): 3 identical recursive servers with upstream forwarders.

## Changes
- `apps/base/binddns-resolver`: resolver `BindCluster` (3 replicas, forwarders, LoadBalancer/PureLB), namespace
- au-syd1 `binddns-resolver` overlay

## Deploy impact
Creates the `binddns-resolver` StatefulSet + LoadBalancer once merged.

Reviewed-on: #221
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 23:08:06 +10:00
unkinben de123af1b1 Bump bind-operator image to v0.1.2 (#224)
**HOLD until v0.1.2 is tagged/built** (bind-operator #3 merged + tagged).

Picks up the zone-provisioning fix (seed glue A record + IP-based primaries + Pod watch) so the clusters stop failing to load their zones.

- `apps/base/bind-system/deployment.yaml`: image v0.1.1 -> v0.1.2

Reviewed-on: #224
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 23:03:37 +10:00
unkinben 649ed07ab0 Deploy binddns-auth (authoritative BIND cluster) (#220)
Part of the bind rollout split. **Merge #219 (bind-operator) first** — this PR is stacked on it, so its diff will reduce to just the binddns-auth files once #219 merges.

## Why
The authoritative masters tier (replaces 3x Puppet authoritative servers): pod-0 primary + 2 secondaries replicating via the catalog zone + AXFR/IXFR.

## Changes
- `apps/base/binddns-auth`: authoritative `BindCluster` (3 replicas, LoadBalancer/PureLB), `BindCatalogZone`, transfer `BindTSIGKey`, namespace
- au-syd1 `binddns-auth` overlay

## Deploy impact
Creates the `binddns-auth` StatefulSet + LoadBalancer once merged.

Reviewed-on: #220
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 21:23:25 +10:00
unkinben dbb5ad4f86 Rename bind DNS namespaces to ns-* (#223)
Renames the three BIND DNS app namespaces `binddns-{auth,resolver,externaldns}` -> `ns-{auth,resolver,externaldns}`.

## Why
Shorter, clearer namespace names for the DNS tiers.

## Changes
- `argocd/applicationsets/platform.yaml`: overlay path registrations renamed (the ApplicationSet derives each app's namespace from its overlay dir name)
- `argocd/projects/platform.yaml`: destination namespaces renamed

## Coupled with
The per-tier PRs (#220/#221/#222) rename the overlay dirs + namespaces + external-dns hostnames to match. No app deploys to a renamed namespace until both this and the tier PR are merged (harmless before then — the ApplicationSet only instantiates apps for existing dirs).

Reviewed-on: #223
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 21:16:24 +10:00
unkinben 4b8f9313c8 Deploy bind-operator (operator + CRDs) (#219)
First of a 4-PR split of the bind rollout (was #216). Deploys just the operator control plane so it can be verified before any DNS clusters exist.

## Why
Roll out incrementally: operator + CRDs first, then each BIND tier as its own PR.

## Changes
- `apps/base/bind-system`: operator Deployment (`git.unkin.net/unkin/bind-operator:v0.1.1`), RBAC, namespace; CRDs pulled from the operator repo by raw URL (`config/crd/install.yaml` @ v0.1.1)
- au-syd1 `bind-system` overlay
- register all four bind apps in `argocd/applicationsets/platform.yaml` (DNS overlays instantiate only when their dirs land in the follow-up PRs)
- add `binddns-*` namespaces to `argocd/projects/platform.yaml`
- add `schemas/bind.unkin.net/*.json` for kubeconform

## Deploy impact
Operator pod + CRDs only. No DNS services yet — the operator is idle until BindClusters exist.

## Follow-ups (merge after this)
binddns-auth, binddns-resolver, binddns-externaldns — one PR each.

Reviewed-on: #219
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 20:04:57 +10:00
unkinben bb330a0365 chore(artifactapi): deploy v3.7.4 (#218)
## Why

artifactapi `v3.7.4` images are built and pushed; au-syd1 is on `v3.7.3`. This rolls forward to ship the terraform provider registry.

## Changes

- `api-deployment`: `artifactapi` `v3.7.3` → `v3.7.4`
- `ui-deployment`: `artifactapi-ui` `v3.7.3` → `v3.7.4`

## What's new in v3.7.4

- Local terraform repos are now a real provider registry: `/.well-known/terraform.json` + `providers.v1` versions/download with GPG-signed SHA256SUMS (#102).
- The signing key self-provisions in the DB (`signing_keys` table) — no K8s secret to mount, so no deployment wiring needed.

Once synced, `terraform init` against `source = "artifactapi.k8s.syd1.au.unkin.net/<repo>/<type>"` works.

Reviewed-on: #218
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 19:40:38 +10:00
unkinben 15225433e9 chore(artifactapi): deploy v3.7.3 (#215)
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
## Why

artifactapi images `v3.7.3` are built and pushed to the registry, but au-syd1 is still running `v3.6.5`. This rolls the deployment forward to pick up the recent fixes.

## Changes

- `api-deployment`: `artifactapi` `v3.6.5` → `v3.7.3`
- `ui-deployment`: `artifactapi-ui` `v3.6.5` → `v3.7.3`

Included in v3.7.x since v3.6.5:
- Local-repo files now appear in the cached-objects UI (#99).
- Evicting a local RPM prunes its repodata metadata (#100).
- The bare domain redirects to the web UI at /ui (#101).

Reviewed-on: #215
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 15:14:28 +10:00
unkinben bbb9acba36 feat: add woodpecker service accounts for media terraform repos (#214)
Add Kubernetes ServiceAccounts in the woodpecker namespace for terraform-sonarr, terraform-radarr, and terraform-prowlarr CI pipelines.

Reviewed-on: #214
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-06-28 22:04:33 +10:00
benvin 48f32a044d fix: update TLSRoute to v1 (#213)
TLSRoutes are now in standard, no longer experimental

---------

Co-authored-by: Ben Vincent <ben@unkin.net>
Reviewed-on: #213
2026-06-28 17:50:27 +10:00
unkinben 7f1444fb38 Add Authentik identity provider deployment (#211)
## Summary
- Deploy Authentik (identity.unkin.net) via Helm chart 2026.5.3
- CNPG PostgreSQL cluster (3 instances) with separate rw/ro poolers (2 instances each)
- Redis with 5Gi persistent storage
- Gateway API for HTTPS (identity.unkin.net) and LDAPS (ldap.k8s.syd1.au.unkin.net, ldap.main.unkin.net)
- TLSRoute for LDAPS passthrough, HTTPRoute for external-dns record creation
- Vault secrets for postgres credentials, authentik secret key, and S3 storage credentials
- S3 storage via RadosGW (bucket: authentik)
- 3 server replicas, 2 worker replicas
- Woodpecker ServiceAccount for terraform-authentik CI
- Platform applicationset and project updated

## Dependencies
- terraform-git #15 (merged) — repo definition
- terraform-vault #78 (merged) — auth roles and Consul ACL

## Vault secrets needed before deploy
Write to `kv/kubernetes/namespace/authentik/default/`:
- `postgres-credentials`: username + password
- `authentik-credentials`: AUTHENTIK_SECRET_KEY
- `s3-credentials`: S3 access key + secret key

Reviewed-on: #211
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-06-28 17:42:49 +10:00
unkinben 784c3b5de1 Add JSON schema generation for kubeconform CRD validation (#212)
## Summary
- New `ci/generate-schemas.sh` script that generates JSON schemas from three sources:
  1. Live cluster CRDs via `kubectl get crds`
  2. Offline CRD manifests (ArgoCD v3.3.2, Gateway API v1.5.1)
  3. Kubernetes v1.33.7 swagger spec for native types
- Schemas follow Datree catalog convention (`<group>/<Kind>_<version>.json`)
- `validate-apps.sh` and `validate-clusters.sh` check local schemas first, falling back to remote
- Fixes TLSRoute (and other CRD) schema validation failures in kubeconform

## Sources
- ArgoCD: `artifactapi.../argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml`
- Gateway API: `artifactapi.../kubernetes-sigs/gateway-api/releases/download/v1.5.1/standard-install.yaml`
- Kubernetes: `artifactapi.../kubernetes/kubernetes/refs/tags/v1.33.7/api/openapi-spec/swagger.json`

Reviewed-on: #212
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-06-28 17:26:08 +10:00
333 changed files with 146873 additions and 110 deletions
-1
View File
@@ -1,3 +1,2 @@
manifests/
schemas/
apps/**/charts/
+2
View File
@@ -7,6 +7,7 @@ repos:
- id: check-json
- id: check-added-large-files
args: ['--maxkb=500']
exclude: '^schemas/'
- id: check-merge-conflict
- id: check-shebang-scripts-are-executable
- id: check-symlinks
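Review bot: `exclude: '^schemas/'` on `check-added-large-files` switches the 500 kB guard off for everything under that directory, not only the generated schemas. Narrowing the pattern to the generated files (for example `'^schemas/.*\.json$'`) keeps the guard for anything else that ends up there.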
@@ -19,6 +20,7 @@ repos:
- id: end-of-file-fixer
- id: forbid-new-submodules
- id: pretty-format-json
args: ['--autofix']
- id: trailing-whitespace
# YAML linting
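Review bot: `pretty-format-json` with `args: ['--autofix']` has no `exclude` in this hunk, so it will also rewrite the committed files under `schemas/`. If its formatting differs from what `ci/generate-schemas.sh` emits, every regeneration produces a diff that the hook then reverts. Either give this hook the same `exclude: '^schemas/'` as `check-added-large-files`, or have the generator write output in the format the hook expects.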
+3 -3
View File
@@ -1,4 +1,4 @@
.PHONY: build clean
.PHONY: build clean schemas
# Build a kustomization path to manifests directory
# Usage: make build clusters/au-syd1/bootstrap
@@ -6,12 +6,12 @@ build:
@mkdir -p manifests/$(filter-out $@,$(MAKECMDGOALS))
@kustomize build --enable-helm $(filter-out $@,$(MAKECMDGOALS)) --output manifests/$(filter-out $@,$(MAKECMDGOALS))
# Generate JSON schemas from CRDs and Kubernetes swagger spec
# Generate JSON schemas from CRDs and Kubernetes swagger spec (run manually, results committed)
schemas:
@ci/generate-schemas.sh schemas
# kubeconform
kubeconform: schemas
kubeconform:
@ci/validate-apps.sh && \
ci/validate-clusters.sh
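Review bot: with `kubeconform:` no longer depending on `schemas`, validation runs against whatever was last committed, and nothing in this Makefile detects schemas that have fallen behind the CRDs. The comment says "run manually, results committed" but not when; please state the trigger next to the `schemas` target (for example after a CRD or operator version bump), since a stale schema will either reject a new field or accept a manifest the cluster refuses.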
+1 -1
View File
@@ -35,7 +35,7 @@ spec:
mountPath: /combined-certs
containers:
- name: api
image: git.unkin.net/unkin/artifactapi:v3.6.5
image: git.unkin.net/unkin/artifactapi:v3.7.4
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
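Review bot: the `image:` line pins by tag only, and with `imagePullPolicy: IfNotPresent` a node that already has `v3.7.4` cached never re-pulls, so a re-pushed tag leaves different nodes running different images. Pinning the digest as well (`artifactapi:v3.7.4@sha256:<digest>`) makes the rollout reproducible and lets the commit record exactly what was deployed.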
+1 -1
View File
@@ -22,7 +22,7 @@ spec:
automountServiceAccountToken: true
containers:
- name: ui
image: git.unkin.net/unkin/artifactapi-ui:v3.6.5
image: git.unkin.net/unkin/artifactapi-ui:v3.7.4
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
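Review bot: the context line `automountServiceAccountToken: true` at the top of this hunk gives the `ui` container a Kubernetes API token. If this pod only serves the web UI on port 80, set it to `false`; if something in the pod does use the token, a short comment saying what would help. The tag-only pin noted on the api deployment applies here too.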
+91
View File
@@ -0,0 +1,91 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres
namespace: authentik
spec:
affinity:
podAntiAffinityType: preferred
bootstrap:
initdb:
database: authentik
encoding: UTF8
localeCType: C
localeCollate: C
owner: authentik
secret:
name: postgres-credentials
enablePDB: true
enableSuperuserAccess: false
failoverDelay: 0
imageName: ghcr.io/cloudnative-pg/postgresql:18.1-system-trixie
instances: 3
logLevel: info
maxSyncReplicas: 0
minSyncReplicas: 0
monitoring:
customQueriesConfigMap:
- key: queries
name: cnpg-default-monitoring
disableDefaultQueries: false
enablePodMonitor: false
postgresql:
parameters:
archive_mode: "on"
archive_timeout: 5min
dynamic_shared_memory_type: posix
effective_cache_size: 256MB
full_page_writes: "on"
log_destination: csvlog
log_directory: /controller/log
log_filename: postgres
log_rotation_age: "0"
log_rotation_size: "0"
log_truncate_on_rotation: "false"
logging_collector: "on"
max_connections: "200"
max_parallel_workers: "16"
max_replication_slots: "16"
max_worker_processes: "16"
shared_buffers: 128MB
shared_memory_type: mmap
ssl_max_protocol_version: TLSv1.3
ssl_min_protocol_version: TLSv1.3
wal_keep_size: 256MB
wal_level: logical
wal_log_hints: "on"
wal_receiver_timeout: 5s
wal_sender_timeout: 5s
syncReplicaElectionConstraint:
enabled: false
primaryUpdateMethod: restart
primaryUpdateStrategy: unsupervised
probes:
liveness:
isolationCheck:
connectionTimeout: 1000
enabled: true
requestTimeout: 1000
replicationSlots:
highAvailability:
enabled: true
slotPrefix: _cnpg_
synchronizeReplicas:
enabled: true
updateInterval: 30
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
smartShutdownTimeout: 180
startDelay: 3600
stopDelay: 1800
storage:
resizeInUseVolumes: true
size: 20Gi
storageClass: cephrbd-fast-delete
switchoverDelay: 3600
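Review bot: `minSyncReplicas: 0` and `maxSyncReplicas: 0` together with `failoverDelay: 0` mean replication is asynchronous and failover is immediate, so transactions the primary acknowledged but had not yet shipped are lost when a replica is promoted. For the identity provider's database, consider `minSyncReplicas: 1` / `maxSyncReplicas: 1` across the three instances. Separately, the manifest has no `backup` section, so there is no restore path visible in this change; if backups are configured elsewhere, a comment pointing there would help.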
+66
View File
@@ -0,0 +1,66 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
name: postgres-pooler-rw
namespace: authentik
spec:
cluster:
name: postgres
instances: 2
pgbouncer:
parameters:
default_pool_size: "100"
max_client_conn: "400"
paused: false
poolMode: session
template:
metadata:
labels:
app: pooler-rw
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- pooler-rw
topologyKey: kubernetes.io/hostname
containers: []
type: rw
---
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
name: postgres-pooler-ro
namespace: authentik
spec:
cluster:
name: postgres
instances: 2
pgbouncer:
parameters:
default_pool_size: "100"
max_client_conn: "400"
paused: false
poolMode: session
template:
metadata:
labels:
app: pooler-ro
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- pooler-ro
topologyKey: kubernetes.io/hostname
containers: []
type: ro
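Review bot: on `postgres-pooler-rw`, `instances: 2` with `default_pool_size: "100"` allows up to 200 server connections to the primary for a single user/database pair, which is exactly the `max_connections: "200"` set in cnpg_cluster.yaml. That leaves no headroom for replication, the operator's own connections or a direct admin session once the pool fills. Lower `default_pool_size` or raise `max_connections` so the pooler cannot consume the full limit.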
+57
View File
@@ -0,0 +1,57 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
labels:
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: identity.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: identity.unkin.net,identity.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
name: authentik
namespace: authentik
spec:
gatewayClassName: traefik-internal
listeners:
- allowedRoutes:
namespaces:
from: Same
hostname: identity.unkin.net
name: http
port: 80
protocol: HTTP
- allowedRoutes:
namespaces:
from: Same
hostname: identity.unkin.net
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ""
kind: Secret
name: authentik-tls
mode: Terminate
- allowedRoutes:
namespaces:
from: Same
hostname: identity.k8s.syd1.au.unkin.net
name: http-internal
port: 80
protocol: HTTP
- allowedRoutes:
namespaces:
from: Same
hostname: identity.k8s.syd1.au.unkin.net
name: https-internal
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ""
kind: Secret
name: authentik-tls
mode: Terminate
+59
View File
@@ -0,0 +1,59 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: authentik-http-redirect
namespace: authentik
spec:
hostnames:
- identity.unkin.net
- identity.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik
sectionName: http
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik
sectionName: http-internal
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
matches:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: authentik
namespace: authentik
spec:
hostnames:
- identity.unkin.net
- identity.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik
sectionName: https
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik
sectionName: https-internal
rules:
- backendRefs:
- group: ""
kind: Service
name: authentik-server
port: 80
weight: 1
matches:
- path:
type: PathPrefix
value: /
+19
View File
@@ -0,0 +1,19 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cnpg_cluster.yaml
- cnpg_pooler.yaml
- gateway.yaml
- httproute.yaml
- ldap-gateway.yaml
- ldap-httproute.yaml
- ldap-service.yaml
- ldap-tlsroute.yaml
- namespace.yaml
- redis-deployment.yaml
- redis-pvc.yaml
- redis-service.yaml
- vaultauth.yaml
- vaultstaticsecret.yaml
+47
View File
@@ -0,0 +1,47 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
labels:
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: ldap.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
name: authentik-ldap
namespace: authentik
spec:
gatewayClassName: traefik-internal
listeners:
- allowedRoutes:
namespaces:
from: Same
hostname: ldap.k8s.syd1.au.unkin.net
name: ldaps-internal
port: 636
protocol: TLS
tls:
mode: Passthrough
- allowedRoutes:
namespaces:
from: Same
hostname: ldap.main.unkin.net
name: ldaps-main
port: 636
protocol: TLS
tls:
mode: Passthrough
- allowedRoutes:
namespaces:
from: Same
hostname: ldap.k8s.syd1.au.unkin.net
name: http-dns
port: 80
protocol: HTTP
- allowedRoutes:
namespaces:
from: Same
hostname: ldap.main.unkin.net
name: http-dns-main
port: 80
protocol: HTTP
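Review bot: the `cert-manager.io/*` annotations on this Gateway look unused, because both TLS listeners (`ldaps-internal`, `ldaps-main`) are `mode: Passthrough` with no `certificateRefs`, and cert-manager only issues certificates for listeners that terminate TLS and reference a Secret. With passthrough, the certificate clients see is whatever the backend on port 6636 presents. Either drop the annotations or add a comment saying where the LDAPS certificate comes from and that it covers both `ldap.k8s.syd1.au.unkin.net` and `ldap.main.unkin.net`.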
+32
View File
@@ -0,0 +1,32 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: authentik-ldap-dns
namespace: authentik
annotations:
external-dns.alpha.kubernetes.io/hostname: ldap.k8s.syd1.au.unkin.net,ldap.main.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
spec:
hostnames:
- ldap.k8s.syd1.au.unkin.net
- ldap.main.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik-ldap
sectionName: http-dns
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik-ldap
sectionName: http-dns-main
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
matches:
- path:
type: PathPrefix
value: /
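Review bot: the `RequestRedirect` to `scheme: https` sends clients to port 443 on the ldap hostnames, but the `authentik-ldap` Gateway only has listeners on 636 and 80, so the redirect target has nothing behind it on that Gateway. If this route exists only so external-dns creates the records, say so in a comment at the top of the file so nobody later treats the redirect as a working endpoint.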
+18
View File
@@ -0,0 +1,18 @@
---
apiVersion: v1
kind: Service
metadata:
name: authentik-ldap
namespace: authentik
spec:
internalTrafficPolicy: Cluster
ports:
- name: ldaps
port: 6636
protocol: TCP
targetPort: 6636
selector:
app.kubernetes.io/name: authentik
app.kubernetes.io/component: ldap
sessionAffinity: None
type: ClusterIP
+26
View File
@@ -0,0 +1,26 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: TLSRoute
metadata:
name: authentik-ldaps
namespace: authentik
spec:
hostnames:
- ldap.k8s.syd1.au.unkin.net
- ldap.main.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik-ldap
sectionName: ldaps-internal
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik-ldap
sectionName: ldaps-main
rules:
- backendRefs:
- group: ""
kind: Service
name: authentik-ldap
port: 6636
weight: 1
+5
View File
@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: authentik
+58
View File
@@ -0,0 +1,58 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: authentik
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: redis:7-alpine
imagePullPolicy: IfNotPresent
args:
- --save
- "20"
- "1"
ports:
- containerPort: 6379
name: redis
protocol: TCP
livenessProbe:
exec:
command:
- redis-cli
- ping
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
exec:
command:
- redis-cli
- ping
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
volumeMounts:
- mountPath: /data
name: redis-data
volumes:
- name: redis-data
persistentVolumeClaim:
claimName: redis-data
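Review bot: `image: redis:7-alpine` is a floating tag, so the running version changes whenever the node re-pulls; pin a patch version or digest like the other images in this change. Also, the container `args` set only `--save`, with no `--requirepass`, and the kustomization for this app lists no NetworkPolicy, so any workload that can reach `redis:6379` in the cluster can read and write what Authentik keeps there. Add a password sourced from the Vault-backed Secret, or a NetworkPolicy limiting ingress to the Authentik pods.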
+13
View File
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: redis-data
namespace: authentik
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: cephrbd-fast-delete
+17
View File
@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: authentik
spec:
internalTrafficPolicy: Cluster
ports:
- name: redis
port: 6379
protocol: TCP
targetPort: redis
selector:
app: redis
sessionAffinity: None
type: ClusterIP
+18
View File
@@ -0,0 +1,18 @@
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: default
namespace: authentik
spec:
allowedNamespaces:
- authentik
kubernetes:
audiences:
- vault
role: default
serviceAccount: default
tokenExpirationSeconds: 600
method: kubernetes
mount: k8s/au/syd1
vaultConnectionRef: vso-system/default
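Review bot: `serviceAccount: default` ties the Vault login to the namespace's default ServiceAccount, which is also the identity of every pod in `authentik` that does not set `serviceAccountName` (the redis Deployment in this change sets none). A dedicated ServiceAccount used only by this VaultAuth keeps the Vault role from being shared with unrelated workloads in the namespace.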
@@ -0,0 +1,51 @@
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: postgres-credentials
namespace: authentik
spec:
destination:
create: true
name: postgres-credentials
overwrite: true
hmacSecretData: true
mount: kv
path: kubernetes/namespace/authentik/default/postgres-credentials
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: authentik-credentials
namespace: authentik
spec:
destination:
create: true
name: authentik-credentials
overwrite: true
hmacSecretData: true
mount: kv
path: kubernetes/namespace/authentik/default/authentik-credentials
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: s3-credentials
namespace: authentik
spec:
destination:
create: true
name: s3-credentials
overwrite: true
hmacSecretData: true
mount: kv
path: kubernetes/namespace/authentik/default/s3-credentials
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default
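Review bot: none of the three VaultStaticSecrets sets `rolloutRestartTargets`, so with `refreshAfter: 5m` the Kubernetes Secret is updated after a rotation in Vault while pods that read it as environment variables keep the old value until something restarts them. Add `rolloutRestartTargets` for the workloads that consume `authentik-credentials` and `s3-credentials`, or note in the file that rotation needs a manual restart.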
@@ -0,0 +1,26 @@
---
# Internal client networks allowed to query the authoritative servers,
# mirrored from the puppet authoritative /etc/named/acls.conf
# (acl-main.unkin.net). Named auth-acl-main because the resolver has its own,
# differently-scoped acl-main.unkin.net in the same namespace.
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: auth-acl-main
namespace: bind-internal
spec:
clusterRef: bind-authoritative
entries:
- 198.18.13.0/24
- 198.18.14.0/24
- 198.18.15.0/24
- 198.18.16.0/24
- 198.18.17.0/24
- 198.18.19.0/24
- 198.18.20.0/24
- 198.18.24.0/24
- 198.18.25.0/24
- 198.18.26.0/24
- 198.18.27.0/24
- 198.18.28.0/24
- 198.18.29.0/24
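Review bot: `entries` skips 198.18.21.0/24, 198.18.22.0/24 and 198.18.23.0/24, while zones.yaml in this same change creates the 21, 22 and 23 `.18.198.in-addr.arpa` zones. If hosts on those networks query the authoritative servers directly they will be refused. The header comment says the list mirrors the puppet ACL, so this may be intended; a one-line comment saying the gap is deliberate would settle it.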
@@ -0,0 +1,42 @@
---
# Authoritative masters (replaces the 3x Puppet authoritative servers).
# pod-0 is the primary; pods 1-2 replicate via the catalog zone + AXFR/IXFR.
apiVersion: bind.unkin.net/v1alpha1
kind: BindCluster
metadata:
name: bind-authoritative
namespace: bind-internal
spec:
mode: authoritative
replicas: 3
storageClassName: cephrbd-fast-delete
storageSize: 2Gi
# Restrict queries to internal networks (puppet acl-main.unkin.net).
# 10.42.0.0/16 (pod net) is required so secondaries can SOA-refresh
# from the primary during catalog replication.
extraOptions:
- "allow-query { auth-acl-main; 10.42.0.0/16; }"
service:
type: LoadBalancer
annotations:
purelb.io/service-group: common
purelb.io/addresses: 198.18.200.6
external-dns.alpha.kubernetes.io/hostname: bind-authoritative.k8s.syd1.au.unkin.net
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: "1"
memory: 512Mi
---
# Catalog zone so new BindZones auto-provision onto the secondaries.
apiVersion: bind.unkin.net/v1alpha1
kind: BindCatalogZone
metadata:
name: bind-authoritative-catalog
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: catalog.internal
transferKeyRef: transfer-key
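Review bot: the comment above `extraOptions` says queries are restricted to internal networks, but the `service:` block sets no `externalTrafficPolicy`, and the commit message's own caveat is that under `Cluster` policy external clients are SNATed to node addresses in 198.18.19.x, which `auth-acl-main` allows. Please carry that caveat into the comment here, or set `externalTrafficPolicy: Local` if the operator exposes it, so the manifest does not read as enforcing more than it does. The `10.42.0.0/16` entry also lets every pod in the cluster query, which is wider than the secondaries that need it.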
@@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml
- tsigkey.yaml
- zones.yaml
- acls.yaml
@@ -0,0 +1,11 @@
---
# Zone-transfer / catalog key. The operator generates the material into a
# Secret (transfer-key-tsig); nothing sensitive is committed to git.
apiVersion: bind.unkin.net/v1alpha1
kind: BindTSIGKey
metadata:
name: transfer-key
namespace: bind-internal
spec:
clusterRef: bind-authoritative
algorithm: hmac-sha256
@@ -0,0 +1,204 @@
# Authoritative zones migrated from puppet-prod
# (profiles::dns::master::zones in hieradata/roles/infra/dns/master.yaml).
# type primary, static (puppet dynamic:false); TTL 600 as in the puppet zone header.
# Record data is populated by PuppetDB exported resources upstream, so it is
# NOT in this repo — migrate it into these zones (AXFR from the current masters,
# or DNSRecord CRs) as a follow-up. The zones start with SOA+NS only.
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: unkin-net
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: unkin.net
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: main-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: main.unkin.net
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 13-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 13.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 14-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 14.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 15-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 15.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 16-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 16.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 17-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 17.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 19-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 19.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 20-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 20.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 21-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 21.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 22-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 22.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 23-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 23.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 24-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 24.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 25-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 25.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 26-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 26.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 27-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 27.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 28-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 28.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 29-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 29.18.198.in-addr.arpa
type: primary
defaultTTL: 600
@@ -0,0 +1,39 @@
---
# external-dns tier (replaces the 3x Puppet external-dns servers). An ordinary
# authoritative cluster; external-dns writes to its zones via RFC2136 because
# those BindZones set dynamicUpdate (allow-update { key externaldns-key; }).
apiVersion: bind.unkin.net/v1alpha1
kind: BindCluster
metadata:
name: bind-externaldns
namespace: bind-internal
spec:
mode: authoritative
replicas: 3
storageClassName: cephrbd-fast-delete
storageSize: 1Gi
service:
type: LoadBalancer
annotations:
purelb.io/service-group: common
purelb.io/addresses: 198.18.200.8
external-dns.alpha.kubernetes.io/hostname: bind-externaldns.k8s.syd1.au.unkin.net
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: "1"
memory: 512Mi
---
# Catalog zone so the dynamic zones replicate onto the cluster's secondaries
# (external-dns writes to the primary; secondaries IXFR the result).
apiVersion: bind.unkin.net/v1alpha1
kind: BindCatalogZone
metadata:
name: bind-externaldns-catalog
namespace: bind-internal
spec:
clusterRef: bind-externaldns
zoneName: catalog.externaldns.internal
transferKeyRef: externaldns-key
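Review bot: nothing in this directory restricts who may query bind-externaldns: the Service is a LoadBalancer on 198.18.200.8 and the kustomization lists only cluster.yaml, tsigkey.yaml and zones.yaml, with no BindACL. #227 limits bind-authoritative with `allow-query { auth-acl-main; 10.42.0.0/16; }`; this tier holds the k8s.syd1.au.unkin.net names and accepts RFC2136 updates, so it warrants the same allow-query restriction (keeping the pod network so the secondaries can still refresh).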
@@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml
- tsigkey.yaml
- zones.yaml
@@ -0,0 +1,11 @@
---
# Key that external-dns (and DNSRecord objects) use to send RFC2136 dynamic
# updates to the primary. The operator generates the material into a Secret.
apiVersion: bind.unkin.net/v1alpha1
kind: BindTSIGKey
metadata:
name: externaldns-key
namespace: bind-internal
spec:
clusterRef: bind-externaldns
algorithm: hmac-sha256
@@ -0,0 +1,34 @@
# k8s external-dns zones migrated from puppet-prod
# (externaldns::k8s_zones in hieradata/roles/infra/dns/externaldns.yaml).
# Primary + dynamicUpdate: the Kubernetes external-dns controller writes
# records here via RFC2136 authenticated with externaldns-key.
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: k8s-syd1-au-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-externaldns
zoneName: k8s.syd1.au.unkin.net
type: primary
defaultTTL: 600
dynamicUpdate: true
updateKeyRef: externaldns-key
allowTransfer:
- key externaldns-key
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 200-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-externaldns
zoneName: 200.18.198.in-addr.arpa
type: primary
defaultTTL: 600
dynamicUpdate: true
updateKeyRef: externaldns-key
allowTransfer:
- key externaldns-key
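Review bot: both zones use externaldns-key for `updateKeyRef` and for `allowTransfer`, and cluster.yaml uses it again as the catalog `transferKeyRef`, so the credential handed to the external-dns controller can both rewrite any record in these zones and pull full zone transfers. A second BindTSIGKey dedicated to transfers would separate the write credential from replication and let either key be rotated alone. If the operator can render an update-policy instead of a zone-wide allow-update for the key, scoping the write key to the record types external-dns manages would narrow it further.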
@@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- authoritative
- resolvers
- externaldns
+5
@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: bind-internal
@@ -0,0 +1,65 @@
# Internal client ACLs, mirrored from puppet /etc/named/acls.conf.
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: acl-main.unkin.net
namespace: bind-internal
spec:
clusterRef: bind-resolvers
entries:
- 198.18.1.10/32
- 198.18.2.160/27
- 198.18.21.160/27
- 198.18.2.192/27
- 198.18.21.192/27
- 198.18.13.0/24
- 198.18.14.0/24
- 198.18.15.0/24
- 198.18.16.0/24
- 198.18.17.0/24
- 198.18.18.0/24
- 198.18.19.0/24
- 198.18.20.0/24
- 198.18.21.0/24
- 198.18.22.0/24
- 198.18.23.0/24
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: acl-dmz
namespace: bind-internal
spec:
clusterRef: bind-resolvers
entries:
- 198.18.24.0/24
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: acl-common
namespace: bind-internal
spec:
clusterRef: bind-resolvers
entries:
- 198.18.25.0/24
- 198.18.26.0/24
- 198.18.27.0/24
- 198.18.28.0/24
- 198.18.29.0/24
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: acl-nomad-jobs
namespace: bind-internal
spec:
clusterRef: bind-resolvers
entries:
- 198.18.64.0/24
- 198.18.65.0/24
- 198.18.66.0/24
- 198.18.67.0/24
- 198.18.68.0/24
- 198.18.69.0/24
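Review bot: in acl-main.unkin.net, 198.18.21.160/27 and 198.18.21.192/27 are already covered by the 198.18.21.0/24 entry further down, so they have no effect. If the /27s are the intended scope, the /24 is wider than meant; if the /24 is intended, drop the two /27s so that a later tightening of one does not silently leave the other in place. A comment recording which puppet ACL each block came from would help whoever audits this list next.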
@@ -0,0 +1,29 @@
---
# Recursive resolvers (replaces the 3x Puppet only-resolver servers).
# Three identical recursive servers; no zone replication.
apiVersion: bind.unkin.net/v1alpha1
kind: BindCluster
metadata:
name: bind-resolvers
namespace: bind-internal
spec:
mode: resolver
replicas: 3
storageClassName: cephrbd-fast-delete
storageSize: 1Gi
service:
type: LoadBalancer
annotations:
purelb.io/service-group: common
purelb.io/addresses: 198.18.200.7
external-dns.alpha.kubernetes.io/hostname: bind-resolvers.k8s.syd1.au.unkin.net
forwarders:
- 8.8.8.8
- 1.1.1.1
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: "1"
memory: 512Mi
@@ -0,0 +1,284 @@
# Conditional forward zones, from the puppet openforwarder view.
# Upstreams: unkin authoritative 198.18.200.6, consul 198.18.19.14, k8s 198.18.200.8.
# k8s -> in-cluster bind-externaldns 198.18.200.8.
# (Zones that forwarded to 10.10.16.x were dropped; consul left as-is.)
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: unkin.net
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-main-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: main.unkin.net
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-consul
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: consul
type: forward
catalog: false
forwarders:
- 198.18.19.14
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-k8s-syd1-au-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: k8s.syd1.au.unkin.net
type: forward
catalog: false
forwarders:
- 198.18.200.8
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-13-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 13.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-14-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 14.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-15-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 15.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-16-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 16.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-17-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 17.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-19-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 19.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-20-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 20.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-21-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 21.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-22-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 22.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-23-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 23.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-24-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 24.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-25-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 25.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-26-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 26.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-27-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 27.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-28-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 28.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-29-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 29.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
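Review bot: there is no forward zone for 200.18.198.in-addr.arpa, although bind-externaldns serves it as a primary at 198.18.200.8 and the matching forward zone k8s.syd1.au.unkin.net is sent there. PTR queries for the 198.18.200.x service addresses will fall through to the cluster-level forwarders (8.8.8.8 and 1.1.1.1 in cluster.yaml), which discloses internal lookups to a third party that cannot answer them. 18.18.198.in-addr.arpa is also absent even though 198.18.18.0/24 is in acl-main.unkin.net; confirm that is intentional. It is also worth checking that the operator renders these zones as forward only, since with BIND's default of forward first a failed upstream makes names such as consul be resolved iteratively from the root.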
@@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml
- acls.yaml
- view.yaml
- forward-zones.yaml
@@ -0,0 +1,23 @@
---
# openforwarder view, mirrored from puppet /etc/named/views.conf.
# match-clients gates access to internal networks; recursion/query are 'any'
# within the view since match-clients already restricts who reaches it.
apiVersion: bind.unkin.net/v1alpha1
kind: BindView
metadata:
name: openforwarder
namespace: bind-internal
spec:
clusterRef: bind-resolvers
order: 100
matchClients:
- acl-main.unkin.net
- acl-nomad-jobs
- acl-common
- acl-dmz
recursion: true
allowQuery:
- any
extraOptions:
- "allow-recursion { any; }"
- "allow-query-cache { any; }"
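Review bot: with `allowQuery: any`, `allow-recursion { any; }` and `allow-query-cache { any; }`, matchClients is the only control on recursion. The caveat recorded on #227 applies here as well: under externalTrafficPolicy: Cluster, external clients are SNATed to node addresses in 198.18.19.x, which acl-main.unkin.net contains, so every client that can reach 198.18.200.7 lands in this view and gets recursion. Repeating the four ACL names in the allow-* options costs nothing and keeps the restriction in place if the view's match list is later widened; the source-IP problem itself needs externalTrafficPolicy: Local.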
+57
@@ -0,0 +1,57 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bind-operator
namespace: bind-system
labels:
app.kubernetes.io/name: bind-operator
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: bind-operator
template:
metadata:
labels:
app.kubernetes.io/name: bind-operator
spec:
serviceAccountName: bind-operator
securityContext:
runAsNonRoot: true
containers:
- name: operator
image: git.unkin.net/unkin/bind-operator:v0.1.4
args:
- --metrics-bind-address=:8080
- --health-probe-bind-address=:8081
- --leader-elect
ports:
- containerPort: 8080
name: metrics
- containerPort: 8081
name: health
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 500m
memory: 256Mi
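Review bot: neither the pod nor the container securityContext sets a seccomp profile; add `seccompProfile: { type: RuntimeDefault }` at pod level to go with the existing runAsNonRoot, read-only root filesystem and dropped capabilities. The image is referenced by tag (`bind-operator:v0.1.4`), which can be re-pushed; pinning by digest would make the deployed operator reproducible.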
+11
@@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
# CRDs are pulled from the bind-operator repo at the matching tag rather than
# vendored here, so they never drift from the operator.
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.3/config/crd/install.yaml
- rbac.yaml
- deployment.yaml
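Review bot: the CRD URL is pinned to tag v0.1.3 while deployment.yaml runs `bind-operator:v0.1.4`, which contradicts the comment that the CRDs are pulled at the matching tag. Bump the URL to v0.1.4 or derive both versions from one place. This is also a remote resource fetched at build time from a tag, which can be moved; referencing a commit rather than a tag would make the CRD content immutable.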
+5
@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: bind-system
+46
@@ -0,0 +1,46 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bind-operator
namespace: bind-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: bind-operator
rules:
- apiGroups: ["bind.unkin.net"]
resources: ["*"]
verbs: ["*"]
- apiGroups: [""]
resources: ["services", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create", "get"]
- apiGroups: ["apps"]
resources: ["statefulsets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: bind-operator
subjects:
- kind: ServiceAccount
name: bind-operator
namespace: bind-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: bind-operator
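Review bot: this ClusterRole, bound with a ClusterRoleBinding, gives the operator get/list/watch/create/update/patch/delete on secrets and create on pods/exec in every namespace, so a compromise of the operator pod exposes every Secret in the cluster and command execution in any pod. All Bind* objects in this change live in bind-internal; move the core and apps rules (services, configmaps, secrets, pods, pods/exec, statefulsets, events) into a Role and RoleBinding in that namespace, and put the leases rule in a Role in bind-system. Keep only the bind.unkin.net rule cluster-scoped if cross-namespace watching is needed, and consider spelling out `resources: ["*"]` and `verbs: ["*"]` there.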
+91
@@ -0,0 +1,91 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres
namespace: encapi
spec:
affinity:
podAntiAffinityType: preferred
bootstrap:
initdb:
database: encapi
encoding: UTF8
localeCType: C
localeCollate: C
owner: encapi
secret:
name: postgres-credentials
enablePDB: true
enableSuperuserAccess: false
failoverDelay: 0
imageName: ghcr.io/cloudnative-pg/postgresql:18.1-system-trixie
instances: 3
logLevel: info
maxSyncReplicas: 0
minSyncReplicas: 0
monitoring:
customQueriesConfigMap:
- key: queries
name: cnpg-default-monitoring
disableDefaultQueries: false
enablePodMonitor: false
postgresql:
parameters:
archive_mode: "on"
archive_timeout: 5min
dynamic_shared_memory_type: posix
effective_cache_size: 256MB
full_page_writes: "on"
log_destination: csvlog
log_directory: /controller/log
log_filename: postgres
log_rotation_age: "0"
log_rotation_size: "0"
log_truncate_on_rotation: "false"
logging_collector: "on"
max_connections: "200"
max_parallel_workers: "16"
max_replication_slots: "16"
max_worker_processes: "16"
shared_buffers: 128MB
shared_memory_type: mmap
ssl_max_protocol_version: TLSv1.3
ssl_min_protocol_version: TLSv1.3
wal_keep_size: 256MB
wal_level: logical
wal_log_hints: "on"
wal_receiver_timeout: 5s
wal_sender_timeout: 5s
syncReplicaElectionConstraint:
enabled: false
primaryUpdateMethod: restart
primaryUpdateStrategy: unsupervised
probes:
liveness:
isolationCheck:
connectionTimeout: 1000
enabled: true
requestTimeout: 1000
replicationSlots:
highAvailability:
enabled: true
slotPrefix: _cnpg_
synchronizeReplicas:
enabled: true
updateInterval: 30
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
smartShutdownTimeout: 180
startDelay: 3600
stopDelay: 1800
storage:
resizeInUseVolumes: true
size: 10Gi
storageClass: cephrbd-fast-delete
switchoverDelay: 3600
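Review bot: the Cluster has no backup stanza: archive_mode is on and wal_level is logical, but no object store or backup plugin is configured, so this manifest gives the ENC database no restore path beyond its three instances on the same cephrbd-fast-delete storage class. Since encapi replaces Cobbler as the source of node classification, add a backup target and a scheduled backup before cutover, or document where backups are taken.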
+33
@@ -0,0 +1,33 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
name: postgres-pooler
namespace: encapi
spec:
cluster:
name: postgres
instances: 2
pgbouncer:
parameters:
default_pool_size: "100"
max_client_conn: "400"
paused: false
poolMode: session
template:
metadata:
labels:
app: pooler
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- pooler
topologyKey: kubernetes.io/hostname
containers: []
type: rw
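Review bot: the pool sizing can exhaust the server: two pooler instances with `default_pool_size: "100"` in session mode may open up to 200 server connections for the encapi user, equal to `max_connections: "200"` on the Cluster, leaving nothing for reserved or operator connections. Lower default_pool_size (encapi runs two replicas) or raise max_connections so that the sum of the pools stays below the limit.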
+13
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: encapi-env
namespace: encapi
data:
LISTEN_ADDR: ":8000"
DBHOST: postgres-pooler
DBNAME: encapi
DBPORT: "5432"
DBUSER: encapi
DBSSL: require
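Review bot: `DBSSL: require` encrypts the connection, but if encapi passes it through as a libpq-style sslmode it does not verify the server certificate or hostname, so anything able to answer as postgres-pooler inside the cluster could impersonate the database. Mounting the CA that CNPG generates for the cluster and using verify-full (or verify-ca) closes that gap. This assumes encapi accepts those modes.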
+64
@@ -0,0 +1,64 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: encapi
namespace: encapi
annotations:
reloader.stakater.com/auto: "true"
spec:
replicas: 2
selector:
matchLabels:
app: encapi
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: encapi
spec:
automountServiceAccountToken: true
containers:
- name: encapi
image: git.unkin.net/unkin/encapi:v0.0.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
name: http
protocol: TCP
envFrom:
# DBHOST/DBNAME/DBPORT/DBUSER/DBSSL/LISTEN_ADDR
- configMapRef:
name: encapi-env
optional: false
# DBPASS + ENCAPI_WRITE_TOKEN (seeded in Vault, see cutover notes)
- secretRef:
name: environment
optional: false
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
failureThreshold: 3
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 500m
memory: 256Mi
restartPolicy: Always
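Review bot: `automountServiceAccountToken: true` mounts the default ServiceAccount token into a pod that, from this manifest, only serves HTTP and talks to Postgres; set it to false unless encapi calls the Kubernetes API. The pod and container also carry no securityContext, unlike the bind-operator Deployment in this same change: add runAsNonRoot, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true and capabilities drop ALL, adjusting if the image needs a writable path.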
+37
@@ -0,0 +1,37 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
labels:
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: encapi.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: encapi.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
name: encapi
namespace: encapi
spec:
gatewayClassName: traefik-internal
listeners:
- allowedRoutes:
namespaces:
from: Same
hostname: encapi.k8s.syd1.au.unkin.net
name: http
port: 80
protocol: HTTP
- allowedRoutes:
namespaces:
from: Same
hostname: encapi.k8s.syd1.au.unkin.net
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ""
kind: Secret
name: encapi-tls
mode: Terminate
+49
@@ -0,0 +1,49 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: encapi-http-redirect
namespace: encapi
spec:
hostnames:
- encapi.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: encapi
sectionName: http
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
matches:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: encapi
namespace: encapi
spec:
hostnames:
- encapi.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: encapi
sectionName: https
rules:
- backendRefs:
- group: ""
kind: Service
name: encapi
port: 80
weight: 1
matches:
- path:
type: PathPrefix
value: /
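Review bot: encapi-http-redirect and the port 80 listener exist only to 301 to https, but this hostname is an API endpoint whose writers present ENCAPI_WRITE_TOKEN; a client configured with an http:// URL sends its request, token included, in clear before it ever sees the redirect. For an API-only hostname, dropping the redirect route and the http listener makes that misconfiguration fail closed.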
+15
@@ -0,0 +1,15 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- configmap.yaml
- deployment.yaml
- service.yaml
- gateway.yaml
- httproute.yaml
- cnpg_cluster.yaml
- cnpg_pooler.yaml
- vaultauth.yaml
- vaultstaticsecret.yaml
+5
@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: encapi
+17
@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: Service
metadata:
name: encapi
namespace: encapi
spec:
internalTrafficPolicy: Cluster
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: encapi
sessionAffinity: None
type: ClusterIP
+18
@@ -0,0 +1,18 @@
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: default
namespace: encapi
spec:
allowedNamespaces:
- encapi
kubernetes:
audiences:
- vault
role: default
serviceAccount: default
tokenExpirationSeconds: 600
method: kubernetes
mount: k8s/au/syd1
vaultConnectionRef: vso-system/default
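Review bot: `serviceAccount: default` with `role: default` means the secret sync authenticates to Vault as the namespace's default ServiceAccount, which is the same identity the encapi pods run as (the Deployment sets no serviceAccountName). A dedicated ServiceAccount for this VaultAuth, bound to a Vault role that can read only kubernetes/namespace/encapi/default/*, separates the secret-sync identity from the workload identity.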
+34
@@ -0,0 +1,34 @@
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: postgres-credentials
namespace: encapi
spec:
destination:
create: true
name: postgres-credentials
overwrite: true
hmacSecretData: true
mount: kv
path: kubernetes/namespace/encapi/default/postgres-credentials
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: environment
namespace: encapi
spec:
destination:
create: true
name: environment
overwrite: true
hmacSecretData: true
mount: kv
path: kubernetes/namespace/encapi/default/environment
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default
+4
@@ -7,7 +7,11 @@ resources:
- cnpg_cluster.yaml
- cnpg_pooler.yaml
- serviceaccount_terraform_artifactapi.yaml
- serviceaccount_terraform_authentik.yaml
- serviceaccount_terraform_git.yaml
- serviceaccount_terraform_prowlarr.yaml
- serviceaccount_terraform_radarr.yaml
- serviceaccount_terraform_sonarr.yaml
- serviceaccount_terraform_vault.yaml
- vaultauth.yaml
- vaultstaticsecret.yaml
@@ -0,0 +1,6 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: terraform-authentik
namespace: woodpecker
@@ -0,0 +1,6 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: terraform-prowlarr
namespace: woodpecker
@@ -0,0 +1,6 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: terraform-radarr
namespace: woodpecker
@@ -0,0 +1,6 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: terraform-sonarr
namespace: woodpecker
@@ -0,0 +1,14 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base/authentik
helmCharts:
- name: authentik
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
version: "2026.5.3"
releaseName: authentik
namespace: authentik
valuesFile: values.yaml
+105
@@ -0,0 +1,105 @@
global:
env:
# PostgreSQL primary (via pooler)
- name: AUTHENTIK_POSTGRESQL__HOST
value: postgres-pooler-rw
- name: AUTHENTIK_POSTGRESQL__PORT
value: "5432"
- name: AUTHENTIK_POSTGRESQL__NAME
value: authentik
- name: AUTHENTIK_POSTGRESQL__USER
valueFrom:
secretKeyRef:
name: postgres-credentials
key: username
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: postgres-credentials
key: password
# PostgreSQL read replica (via pooler)
- name: AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__HOST
value: postgres-pooler-ro
- name: AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__PORT
value: "5432"
- name: AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__NAME
value: authentik
- name: AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__USER
valueFrom:
secretKeyRef:
name: postgres-credentials
key: username
- name: AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__PASSWORD
valueFrom:
secretKeyRef:
name: postgres-credentials
key: password
# PostgreSQL pooler settings
- name: AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS
value: "true"
- name: AUTHENTIK_POSTGRESQL__CONN_MAX_AGE
value: "0"
- name: AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECKS
value: "true"
# Redis
- name: AUTHENTIK_REDIS__HOST
value: redis
- name: AUTHENTIK_REDIS__PORT
value: "6379"
# S3 storage
- name: AUTHENTIK_STORAGE__BACKEND
value: s3
- name: AUTHENTIK_STORAGE__S3__ENDPOINT
value: https://radosgw.service.consul/
- name: AUTHENTIK_STORAGE__S3__BUCKET_NAME
value: authentik
- name: AUTHENTIK_STORAGE__S3__ADDRESSING_STYLE
value: path
- name: AUTHENTIK_STORAGE__S3__ACCESS_KEY
valueFrom:
secretKeyRef:
name: s3-credentials
key: AUTHENTIK_STORAGE__S3__ACCESS_KEY
- name: AUTHENTIK_STORAGE__S3__SECRET_KEY
valueFrom:
secretKeyRef:
name: s3-credentials
key: AUTHENTIK_STORAGE__S3__SECRET_KEY
# Secret key
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: authentik-credentials
key: AUTHENTIK_SECRET_KEY
server:
replicas: 3
annotations:
reloader.stakater.com/auto: "true"
ingress:
enabled: false
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: 250m
memory: 512Mi
worker:
replicas: 2
annotations:
reloader.stakater.com/auto: "true"
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: 250m
memory: 512Mi
postgresql:
enabled: false
redis:
enabled: false
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base/bind-internal
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base/bind-system
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base/encapi
+4
@@ -10,7 +10,10 @@ spec:
repoURL: https://git.unkin.net/unkin/argocd-apps
revision: HEAD
directories:
- path: apps/overlays/*/authentik
- path: apps/overlays/*/artifactapi
- path: apps/overlays/*/bind-system
- path: apps/overlays/*/bind-internal
- path: apps/overlays/*/age-api
- path: apps/overlays/*/cattle-system
- path: apps/overlays/*/cert-manager
@@ -18,6 +21,7 @@ spec:
- path: apps/overlays/*/cnpg-system
- path: apps/overlays/*/consul
- path: apps/overlays/*/elastic-system
- path: apps/overlays/*/encapi
- path: apps/overlays/*/externaldns
- path: apps/overlays/*/inteldeviceplugins-system
- path: apps/overlays/*/jfrog
+4
@@ -19,6 +19,10 @@ spec:
server: https://kubernetes.default.svc
- namespace: 'age-api'
server: https://kubernetes.default.svc
- namespace: 'authentik'
server: https://kubernetes.default.svc
- namespace: 'bind-internal'
server: https://kubernetes.default.svc
- namespace: 'cert-manager'
server: https://kubernetes.default.svc
- namespace: 'certificates'
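Review bot: bind-system and encapi are missing from the destinations here: the list picks up authentik and bind-internal, but the ApplicationSet in this change also registers apps/overlays/*/bind-system and apps/overlays/*/encapi. Unless those two namespaces are already allowed elsewhere in this project, their Applications will be rejected at sync. bind-system additionally ships cluster-scoped objects (CRDs, ClusterRole, ClusterRoleBinding), so check the project's cluster resource whitelist as well.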
+19 -103
@@ -2,33 +2,40 @@
set -euo pipefail
SCHEMA_DIR="${1:-schemas}"
rm -rf "$SCHEMA_DIR"
mkdir -p "$SCHEMA_DIR"
CRD_URLS=(
"https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github_user/argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml"
"https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github/kubernetes-sigs/gateway-api/releases/download/v1.5.1/standard-install.yaml"
)
SWAGGER_URL="https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github_user/kubernetes/kubernetes/refs/tags/v1.33.7/api/openapi-spec/swagger.json"
echo "==> Fetching CRDs from cluster..." >&2
kubectl get crds -o json | python3 -c "
import sys, json, os
data = json.load(sys.stdin)
schema_dir = '$SCHEMA_DIR'
def write_schema(schema, schema_dir, group, kind, version):
def strip_descriptions(obj):
if isinstance(obj, dict):
return {k: strip_descriptions(v) for k, v in obj.items() if k != 'description'}
if isinstance(obj, list):
return [strip_descriptions(i) for i in obj]
return obj
schema = strip_descriptions(schema)
group_dir = os.path.join(schema_dir, group)
os.makedirs(group_dir, exist_ok=True)
fname = f'{kind}_{version}.json'.lower()
with open(os.path.join(group_dir, fname), 'w') as f:
json.dump(schema, f, indent=2, sort_keys=True)
f.write('\n')
print(f' Generated: {group}/{fname}', file=sys.stderr)
data = json.load(sys.stdin)
for crd in data.get('items', []):
spec = crd.get('spec', {})
group = spec.get('group', '')
kind = spec.get('names', {}).get('kind', '')
for ver in spec.get('versions', []):
version = ver.get('name', '')
openapi = ver.get('schema', {}).get('openAPIV3Schema', {})
if not openapi:
continue
schema = dict(openapi)
schema['\$schema'] = 'http://json-schema.org/draft-07/schema#'
schema['type'] = 'object'
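Review bot: `rm -rf "$SCHEMA_DIR"` runs on whatever path is passed as $1, so an invocation with `.`, `..` or an absolute path outside the repo deletes it; refuse anything that is not a plain relative directory, or remove only the files the script itself generates. The `kubectl get crds` source also means the schemas reflect whichever cluster the current kubeconfig points at, so the output is reproducible only if the context is fixed or checked at the start of the script.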
@@ -36,98 +43,7 @@ for crd in data.get('items', []):
schema['properties'].setdefault('apiVersion', {'type': 'string'})
schema['properties'].setdefault('kind', {'type': 'string'})
schema['properties'].setdefault('metadata', {'type': 'object'})
group_dir = os.path.join(schema_dir, group)
os.makedirs(group_dir, exist_ok=True)
fname = f'{kind}_{version}.json'.lower()
with open(os.path.join(group_dir, fname), 'w') as f:
json.dump(schema, f, indent=2)
print(f' Generated: {group}/{fname}', file=sys.stderr)
"
echo "==> Downloading CRD manifests for offline schemas..." >&2
for url in "${CRD_URLS[@]}"; do
echo " Fetching: $url" >&2
curl -sSfL "$url"
done | python3 -c "
import sys, json, yaml, os
schema_dir = '$SCHEMA_DIR'
for doc in yaml.safe_load_all(sys.stdin):
if doc is None:
continue
if doc.get('kind') != 'CustomResourceDefinition':
continue
spec = doc.get('spec', {})
group = spec.get('group', '')
kind = spec.get('names', {}).get('kind', '')
for ver in spec.get('versions', []):
version = ver.get('name', '')
openapi = ver.get('schema', {}).get('openAPIV3Schema', {})
if not openapi:
continue
group_dir = os.path.join(schema_dir, group)
fname = f'{kind}_{version}.json'.lower()
out_path = os.path.join(group_dir, fname)
if os.path.exists(out_path):
continue
schema = dict(openapi)
schema['\$schema'] = 'http://json-schema.org/draft-07/schema#'
schema['type'] = 'object'
schema.setdefault('properties', {})
schema['properties'].setdefault('apiVersion', {'type': 'string'})
schema['properties'].setdefault('kind', {'type': 'string'})
schema['properties'].setdefault('metadata', {'type': 'object'})
os.makedirs(group_dir, exist_ok=True)
with open(out_path, 'w') as f:
json.dump(schema, f, indent=2)
print(f' Generated: {group}/{fname}', file=sys.stderr)
"
echo "==> Downloading Kubernetes swagger spec..." >&2
curl -sSfL "$SWAGGER_URL" | python3 -c "
import sys, json, os
swagger = json.load(sys.stdin)
definitions = swagger.get('definitions', {})
schema_dir = '$SCHEMA_DIR'
for defn_name, defn in definitions.items():
gvk_list = defn.get('x-kubernetes-group-version-kind', [])
for gvk in gvk_list:
group = gvk.get('group', '')
version = gvk.get('version', '')
kind = gvk.get('kind', '')
schema = {
'\$schema': 'http://json-schema.org/draft-07/schema#',
'type': 'object',
'properties': {},
'additionalProperties': True,
}
for prop_name, prop_val in defn.get('properties', {}).items():
prop_copy = {k: v for k, v in prop_val.items() if k != '\$ref'}
if not prop_copy.get('type') and 'description' in prop_copy:
prop_copy['type'] = 'object'
prop_copy['additionalProperties'] = True
schema['properties'][prop_name] = prop_copy
group_dir = os.path.join(schema_dir, group) if group else schema_dir
os.makedirs(group_dir, exist_ok=True)
fname = f'{kind}_{version}.json'.lower()
with open(os.path.join(group_dir, fname), 'w') as f:
json.dump(schema, f, indent=2)
print(f' Generated Kubernetes native schemas', file=sys.stderr)
write_schema(schema, '$SCHEMA_DIR', group, kind, version)
"
total=$(find "$SCHEMA_DIR" -name '*.json' | wc -l)
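Review bot: `'$SCHEMA_DIR'` is expanded by the shell into the Python source, here in the write_schema call and earlier in `schema_dir = '$SCHEMA_DIR'`, so a directory name containing a single quote or backslash breaks or alters the inline program. Export the value and read it with os.environ in Python, or pass it as an argument after the `-c` program and read sys.argv.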
+1 -1
@@ -21,6 +21,6 @@ while IFS= read -r -d "" k; do
-summary \
-output pretty \
-verbose \
-skip CustomResourceDefinition,GpuDevicePlugin,LBNodeAgent,ServiceGroup \
-skip CustomResourceDefinition \
"${schema_args[@]}"
done < <(find apps/overlays -name kustomization.yaml -print0)
File diff suppressed because it is too large
+162
@@ -0,0 +1,162 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"commonName": {
"type": "string"
},
"dnsNames": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"duration": {
"type": "string"
},
"ipAddresses": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"issuerRef": {
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"name"
],
"type": "object"
},
"profile": {
"type": "string"
},
"request": {
"format": "byte",
"type": "string"
}
},
"required": [
"issuerRef",
"request"
],
"type": "object"
},
"status": {
"properties": {
"authorizations": {
"items": {
"properties": {
"challenges": {
"items": {
"properties": {
"token": {
"type": "string"
},
"type": {
"type": "string"
},
"url": {
"type": "string"
}
},
"required": [
"token",
"type",
"url"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"identifier": {
"type": "string"
},
"initialState": {
"enum": [
"valid",
"ready",
"pending",
"processing",
"invalid",
"expired",
"errored"
],
"type": "string"
},
"url": {
"type": "string"
},
"wildcard": {
"type": "boolean"
}
},
"required": [
"url"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"certificate": {
"format": "byte",
"type": "string"
},
"failureTime": {
"format": "date-time",
"type": "string"
},
"finalizeURL": {
"type": "string"
},
"reason": {
"type": "string"
},
"state": {
"enum": [
"valid",
"ready",
"pending",
"processing",
"invalid",
"expired",
"errored"
],
"type": "string"
},
"url": {
"type": "string"
}
},
"type": "object"
}
},
"required": [
"metadata",
"spec"
],
"type": "object"
}
@@ -0,0 +1,130 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"clusterSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"resources": {
"items": {
"properties": {
"kind": {
"enum": [
"Secret",
"ConfigMap"
],
"type": "string"
},
"name": {
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object"
},
"type": "array"
},
"strategy": {
"enum": [
"ApplyOnce"
],
"type": "string"
}
},
"required": [
"clusterSelector"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"type": "string"
},
"reason": {
"type": "string"
},
"severity": {
"type": "string"
},
"status": {
"type": "string"
},
"type": {
"type": "string"
}
},
"required": [
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,130 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"clusterSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"resources": {
"items": {
"properties": {
"kind": {
"enum": [
"Secret",
"ConfigMap"
],
"type": "string"
},
"name": {
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object"
},
"type": "array"
},
"strategy": {
"enum": [
"ApplyOnce"
],
"type": "string"
}
},
"required": [
"clusterSelector"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"type": "string"
},
"reason": {
"type": "string"
},
"severity": {
"type": "string"
},
"status": {
"type": "string"
},
"type": {
"type": "string"
}
},
"required": [
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,198 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"clusterSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"resources": {
"items": {
"properties": {
"kind": {
"enum": [
"Secret",
"ConfigMap"
],
"type": "string"
},
"name": {
"maxLength": 253,
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"strategy": {
"enum": [
"ApplyOnce",
"Reconcile"
],
"type": "string"
}
},
"required": [
"clusterSelector"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 10240,
"minLength": 1,
"type": "string"
},
"reason": {
"maxLength": 256,
"minLength": 1,
"type": "string"
},
"severity": {
"maxLength": 32,
"type": "string"
},
"status": {
"type": "string"
},
"type": {
"maxLength": 256,
"minLength": 1,
"type": "string"
}
},
"required": [
"lastTransitionTime",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"v1beta2": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"maxItems": 32,
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
}
},
"type": "object"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,68 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"bindings": {
"items": {
"properties": {
"clusterResourceSetName": {
"type": "string"
},
"resources": {
"items": {
"properties": {
"applied": {
"type": "boolean"
},
"hash": {
"type": "string"
},
"kind": {
"enum": [
"Secret",
"ConfigMap"
],
"type": "string"
},
"lastAppliedTime": {
"format": "date-time",
"type": "string"
},
"name": {
"minLength": 1,
"type": "string"
}
},
"required": [
"applied",
"kind",
"name"
],
"type": "object"
},
"type": "array"
}
},
"required": [
"clusterResourceSetName"
],
"type": "object"
},
"type": "array"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,68 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"bindings": {
"items": {
"properties": {
"clusterResourceSetName": {
"type": "string"
},
"resources": {
"items": {
"properties": {
"applied": {
"type": "boolean"
},
"hash": {
"type": "string"
},
"kind": {
"enum": [
"Secret",
"ConfigMap"
],
"type": "string"
},
"lastAppliedTime": {
"format": "date-time",
"type": "string"
},
"name": {
"minLength": 1,
"type": "string"
}
},
"required": [
"applied",
"kind",
"name"
],
"type": "object"
},
"type": "array"
}
},
"required": [
"clusterResourceSetName"
],
"type": "object"
},
"type": "array"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,80 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"bindings": {
"items": {
"properties": {
"clusterResourceSetName": {
"maxLength": 253,
"minLength": 1,
"type": "string"
},
"resources": {
"items": {
"properties": {
"applied": {
"type": "boolean"
},
"hash": {
"maxLength": 256,
"minLength": 1,
"type": "string"
},
"kind": {
"enum": [
"Secret",
"ConfigMap"
],
"type": "string"
},
"lastAppliedTime": {
"format": "date-time",
"type": "string"
},
"name": {
"maxLength": 253,
"minLength": 1,
"type": "string"
}
},
"required": [
"applied",
"kind",
"name"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
}
},
"required": [
"clusterResourceSetName"
],
"type": "object"
},
"maxItems": 100,
"type": "array"
},
"clusterName": {
"maxLength": 63,
"minLength": 1,
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,693 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"config": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"configRef": {
"properties": {
"secretName": {
"type": "string"
}
},
"type": "object"
},
"daemonSet": {
"properties": {
"podTemplate": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"updateStrategy": {
"properties": {
"rollingUpdate": {
"properties": {
"maxSurge": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
},
"maxUnavailable": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
}
},
"type": "object"
},
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"deployment": {
"properties": {
"podTemplate": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"replicas": {
"format": "int32",
"type": "integer"
},
"strategy": {
"properties": {
"rollingUpdate": {
"properties": {
"maxSurge": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
},
"maxUnavailable": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
}
},
"type": "object"
},
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"elasticsearchRefs": {
"items": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"outputName": {
"type": "string"
},
"secretName": {
"type": "string"
},
"serviceName": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"fleetServerEnabled": {
"type": "boolean"
},
"fleetServerRef": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"secretName": {
"type": "string"
},
"serviceName": {
"type": "string"
}
},
"type": "object"
},
"http": {
"properties": {
"service": {
"properties": {
"metadata": {
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"finalizers": {
"items": {
"type": "string"
},
"type": "array"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"name": {
"type": "string"
},
"namespace": {
"type": "string"
}
},
"type": "object"
},
"spec": {
"properties": {
"allocateLoadBalancerNodePorts": {
"type": "boolean"
},
"clusterIP": {
"type": "string"
},
"clusterIPs": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"externalIPs": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"externalName": {
"type": "string"
},
"externalTrafficPolicy": {
"type": "string"
},
"healthCheckNodePort": {
"format": "int32",
"type": "integer"
},
"internalTrafficPolicy": {
"type": "string"
},
"ipFamilies": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"ipFamilyPolicy": {
"type": "string"
},
"loadBalancerClass": {
"type": "string"
},
"loadBalancerIP": {
"type": "string"
},
"loadBalancerSourceRanges": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"ports": {
"items": {
"properties": {
"appProtocol": {
"type": "string"
},
"name": {
"type": "string"
},
"nodePort": {
"format": "int32",
"type": "integer"
},
"port": {
"format": "int32",
"type": "integer"
},
"protocol": {
"default": "TCP",
"type": "string"
},
"targetPort": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
}
},
"required": [
"port"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"port",
"protocol"
],
"x-kubernetes-list-type": "map"
},
"publishNotReadyAddresses": {
"type": "boolean"
},
"selector": {
"additionalProperties": {
"type": "string"
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"sessionAffinity": {
"type": "string"
},
"sessionAffinityConfig": {
"properties": {
"clientIP": {
"properties": {
"timeoutSeconds": {
"format": "int32",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
},
"trafficDistribution": {
"type": "string"
},
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"tls": {
"properties": {
"certificate": {
"properties": {
"secretName": {
"type": "string"
}
},
"type": "object"
},
"selfSignedCertificate": {
"properties": {
"disabled": {
"type": "boolean"
},
"subjectAltNames": {
"items": {
"properties": {
"dns": {
"type": "string"
},
"ip": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
},
"type": "object"
}
},
"type": "object"
}
},
"type": "object"
},
"image": {
"type": "string"
},
"kibanaRef": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"secretName": {
"type": "string"
},
"serviceName": {
"type": "string"
}
},
"type": "object"
},
"mode": {
"enum": [
"standalone",
"fleet"
],
"type": "string"
},
"policyID": {
"type": "string"
},
"revisionHistoryLimit": {
"format": "int32",
"type": "integer"
},
"secureSettings": {
"items": {
"properties": {
"entries": {
"items": {
"properties": {
"key": {
"type": "string"
},
"path": {
"type": "string"
}
},
"required": [
"key"
],
"type": "object"
},
"type": "array"
},
"secretName": {
"type": "string"
}
},
"required": [
"secretName"
],
"type": "object"
},
"type": "array"
},
"serviceAccountName": {
"type": "string"
},
"statefulSet": {
"properties": {
"podManagementPolicy": {
"default": "Parallel",
"enum": [
"OrderedReady",
"Parallel"
],
"type": "string"
},
"podTemplate": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"replicas": {
"format": "int32",
"type": "integer"
},
"serviceName": {
"type": "string"
},
"volumeClaimTemplates": {
"items": {
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"finalizers": {
"items": {
"type": "string"
},
"type": "array"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"name": {
"type": "string"
},
"namespace": {
"type": "string"
}
},
"type": "object"
},
"spec": {
"properties": {
"accessModes": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"dataSource": {
"properties": {
"apiGroup": {
"type": "string"
},
"kind": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"dataSourceRef": {
"properties": {
"apiGroup": {
"type": "string"
},
"kind": {
"type": "string"
},
"name": {
"type": "string"
},
"namespace": {
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object"
},
"resources": {
"properties": {
"limits": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"type": "object"
},
"requests": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"type": "object"
}
},
"type": "object"
},
"selector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"storageClassName": {
"type": "string"
},
"volumeAttributesClassName": {
"type": "string"
},
"volumeMode": {
"type": "string"
},
"volumeName": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"type": "array"
}
},
"type": "object"
},
"version": {
"type": "string"
}
},
"required": [
"version"
],
"type": "object"
},
"status": {
"properties": {
"availableNodes": {
"format": "int32",
"type": "integer"
},
"elasticsearchAssociationsStatus": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"expectedNodes": {
"format": "int32",
"type": "integer"
},
"fleetServerAssociationStatus": {
"type": "string"
},
"health": {
"type": "string"
},
"kibanaAssociationStatus": {
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"version": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
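Review bot: `spec.config` and every `podTemplate` (under `daemonSet`, `deployment` and `statefulSet`) are declared as bare objects with `x-kubernetes-preserve-unknown-fields: true`, so nothing inside the pod spec, such as `securityContext`, volumes or host networking settings, is checked by this schema. If the pipeline is expected to gate those settings, they need a separate policy check; otherwise state in the PR description that validation for this kind stops at the pod template boundary.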
@@ -0,0 +1,364 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"config": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"count": {
"format": "int32",
"type": "integer"
},
"elasticsearchRef": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"secretName": {
"type": "string"
},
"serviceName": {
"type": "string"
}
},
"type": "object"
},
"http": {
"properties": {
"service": {
"properties": {
"metadata": {
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"finalizers": {
"items": {
"type": "string"
},
"type": "array"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"name": {
"type": "string"
},
"namespace": {
"type": "string"
}
},
"type": "object"
},
"spec": {
"properties": {
"allocateLoadBalancerNodePorts": {
"type": "boolean"
},
"clusterIP": {
"type": "string"
},
"clusterIPs": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"externalIPs": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"externalName": {
"type": "string"
},
"externalTrafficPolicy": {
"type": "string"
},
"healthCheckNodePort": {
"format": "int32",
"type": "integer"
},
"internalTrafficPolicy": {
"type": "string"
},
"ipFamilies": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"ipFamilyPolicy": {
"type": "string"
},
"loadBalancerClass": {
"type": "string"
},
"loadBalancerIP": {
"type": "string"
},
"loadBalancerSourceRanges": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"ports": {
"items": {
"properties": {
"appProtocol": {
"type": "string"
},
"name": {
"type": "string"
},
"nodePort": {
"format": "int32",
"type": "integer"
},
"port": {
"format": "int32",
"type": "integer"
},
"protocol": {
"default": "TCP",
"type": "string"
},
"targetPort": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
}
},
"required": [
"port"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"port",
"protocol"
],
"x-kubernetes-list-type": "map"
},
"publishNotReadyAddresses": {
"type": "boolean"
},
"selector": {
"additionalProperties": {
"type": "string"
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"sessionAffinity": {
"type": "string"
},
"sessionAffinityConfig": {
"properties": {
"clientIP": {
"properties": {
"timeoutSeconds": {
"format": "int32",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
},
"trafficDistribution": {
"type": "string"
},
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"tls": {
"properties": {
"certificate": {
"properties": {
"secretName": {
"type": "string"
}
},
"type": "object"
},
"selfSignedCertificate": {
"properties": {
"disabled": {
"type": "boolean"
},
"subjectAltNames": {
"items": {
"properties": {
"dns": {
"type": "string"
},
"ip": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
},
"type": "object"
}
},
"type": "object"
}
},
"type": "object"
},
"image": {
"type": "string"
},
"kibanaRef": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"secretName": {
"type": "string"
},
"serviceName": {
"type": "string"
}
},
"type": "object"
},
"podTemplate": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"revisionHistoryLimit": {
"format": "int32",
"type": "integer"
},
"secureSettings": {
"items": {
"properties": {
"entries": {
"items": {
"properties": {
"key": {
"type": "string"
},
"path": {
"type": "string"
}
},
"required": [
"key"
],
"type": "object"
},
"type": "array"
},
"secretName": {
"type": "string"
}
},
"required": [
"secretName"
],
"type": "object"
},
"type": "array"
},
"serviceAccountName": {
"type": "string"
},
"version": {
"type": "string"
}
},
"required": [
"version"
],
"type": "object"
},
"status": {
"properties": {
"availableNodes": {
"format": "int32",
"type": "integer"
},
"count": {
"format": "int32",
"type": "integer"
},
"elasticsearchAssociationStatus": {
"type": "string"
},
"health": {
"type": "string"
},
"kibanaAssociationStatus": {
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"secretTokenSecret": {
"type": "string"
},
"selector": {
"type": "string"
},
"service": {
"type": "string"
},
"version": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,15 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
}
},
"type": "object"
}
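Review bot: this schema declares only `apiVersion`, `kind` and `metadata`, with no `spec` and no `required` list, so any object of this kind passes whatever its body contains. That has the same effect as skipping the kind while the summary reports it as validated. Either regenerate the file from the kind's CRD, or, if the upstream definition really is this empty, say so in the commit message and consider keeping the kind on the `-skip` list.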
@@ -0,0 +1,317 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"config": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"count": {
"format": "int32",
"type": "integer"
},
"elasticsearchRef": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
}
},
"required": [
"name"
],
"type": "object"
},
"http": {
"properties": {
"service": {
"properties": {
"metadata": {
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"finalizers": {
"items": {
"type": "string"
},
"type": "array"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"name": {
"type": "string"
},
"namespace": {
"type": "string"
}
},
"type": "object"
},
"spec": {
"properties": {
"allocateLoadBalancerNodePorts": {
"type": "boolean"
},
"clusterIP": {
"type": "string"
},
"clusterIPs": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"externalIPs": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"externalName": {
"type": "string"
},
"externalTrafficPolicy": {
"type": "string"
},
"healthCheckNodePort": {
"format": "int32",
"type": "integer"
},
"internalTrafficPolicy": {
"type": "string"
},
"ipFamilies": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"ipFamilyPolicy": {
"type": "string"
},
"loadBalancerClass": {
"type": "string"
},
"loadBalancerIP": {
"type": "string"
},
"loadBalancerSourceRanges": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"ports": {
"items": {
"properties": {
"appProtocol": {
"type": "string"
},
"name": {
"type": "string"
},
"nodePort": {
"format": "int32",
"type": "integer"
},
"port": {
"format": "int32",
"type": "integer"
},
"protocol": {
"default": "TCP",
"type": "string"
},
"targetPort": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
}
},
"required": [
"port"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"port",
"protocol"
],
"x-kubernetes-list-type": "map"
},
"publishNotReadyAddresses": {
"type": "boolean"
},
"selector": {
"additionalProperties": {
"type": "string"
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"sessionAffinity": {
"type": "string"
},
"sessionAffinityConfig": {
"properties": {
"clientIP": {
"properties": {
"timeoutSeconds": {
"format": "int32",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
},
"trafficDistribution": {
"type": "string"
},
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"tls": {
"properties": {
"certificate": {
"properties": {
"secretName": {
"type": "string"
}
},
"type": "object"
},
"selfSignedCertificate": {
"properties": {
"disabled": {
"type": "boolean"
},
"subjectAltNames": {
"items": {
"properties": {
"dns": {
"type": "string"
},
"ip": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
},
"type": "object"
}
},
"type": "object"
}
},
"type": "object"
},
"image": {
"type": "string"
},
"podTemplate": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"secureSettings": {
"items": {
"properties": {
"entries": {
"items": {
"properties": {
"key": {
"type": "string"
},
"path": {
"type": "string"
}
},
"required": [
"key"
],
"type": "object"
},
"type": "array"
},
"secretName": {
"type": "string"
}
},
"required": [
"secretName"
],
"type": "object"
},
"type": "array"
},
"version": {
"type": "string"
}
},
"type": "object"
},
"status": {
"properties": {
"associationStatus": {
"type": "string"
},
"availableNodes": {
"format": "int32",
"type": "integer"
},
"health": {
"type": "string"
},
"secretTokenSecret": {
"type": "string"
},
"service": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
File diff suppressed because it is too large
File diff suppressed because it is too large
@@ -0,0 +1,321 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"clusterResourceBlacklist": {
"items": {
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"group",
"kind"
],
"type": "object"
},
"type": "array"
},
"clusterResourceWhitelist": {
"items": {
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"group",
"kind"
],
"type": "object"
},
"type": "array"
},
"destinationServiceAccounts": {
"items": {
"properties": {
"defaultServiceAccount": {
"type": "string"
},
"namespace": {
"type": "string"
},
"server": {
"type": "string"
}
},
"required": [
"defaultServiceAccount",
"server"
],
"type": "object"
},
"type": "array"
},
"destinations": {
"items": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"server": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"namespaceResourceBlacklist": {
"items": {
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
}
},
"required": [
"group",
"kind"
],
"type": "object"
},
"type": "array"
},
"namespaceResourceWhitelist": {
"items": {
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
}
},
"required": [
"group",
"kind"
],
"type": "object"
},
"type": "array"
},
"orphanedResources": {
"properties": {
"ignore": {
"items": {
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
},
"name": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"warn": {
"type": "boolean"
}
},
"type": "object"
},
"permitOnlyProjectScopedClusters": {
"type": "boolean"
},
"roles": {
"items": {
"properties": {
"groups": {
"items": {
"type": "string"
},
"type": "array"
},
"jwtTokens": {
"items": {
"properties": {
"exp": {
"format": "int64",
"type": "integer"
},
"iat": {
"format": "int64",
"type": "integer"
},
"id": {
"type": "string"
}
},
"required": [
"iat"
],
"type": "object"
},
"type": "array"
},
"name": {
"type": "string"
},
"policies": {
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"name"
],
"type": "object"
},
"type": "array"
},
"signatureKeys": {
"items": {
"properties": {
"keyID": {
"type": "string"
}
},
"required": [
"keyID"
],
"type": "object"
},
"type": "array"
},
"sourceNamespaces": {
"items": {
"type": "string"
},
"type": "array"
},
"sourceRepos": {
"items": {
"type": "string"
},
"type": "array"
},
"syncWindows": {
"items": {
"properties": {
"andOperator": {
"type": "boolean"
},
"applications": {
"items": {
"type": "string"
},
"type": "array"
},
"clusters": {
"items": {
"type": "string"
},
"type": "array"
},
"duration": {
"type": "string"
},
"kind": {
"type": "string"
},
"manualSync": {
"type": "boolean"
},
"namespaces": {
"items": {
"type": "string"
},
"type": "array"
},
"schedule": {
"type": "string"
},
"timeZone": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
},
"type": "object"
},
"status": {
"properties": {
"jwtTokensByRole": {
"additionalProperties": {
"properties": {
"items": {
"items": {
"properties": {
"exp": {
"format": "int64",
"type": "integer"
},
"iat": {
"format": "int64",
"type": "integer"
},
"id": {
"type": "string"
}
},
"required": [
"iat"
],
"type": "object"
},
"type": "array"
}
},
"type": "object"
},
"type": "object"
}
},
"type": "object"
}
},
"required": [
"metadata",
"spec"
],
"type": "object"
}
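Review bot: `sourceRepos`, `destinations` and `clusterResourceWhitelist` are constrained only by type, and `destinations` items carry no `required` list, so a project whose entries are all `*` validates cleanly. Schema validation will not flag an over-broad project; if that matters for this repository, add a policy check alongside kubeconform for these three fields rather than relying on this file.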
@@ -0,0 +1,148 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"additionalRedactions": {
"items": {
"properties": {
"headers": {
"items": {
"type": "string"
},
"type": "array"
},
"paths": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"type": "array"
},
"enabled": {
"type": "boolean"
},
"filters": {
"items": {
"properties": {
"action": {
"type": "string"
},
"requestURI": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"verbosity": {
"properties": {
"level": {
"type": "integer"
},
"request": {
"properties": {
"body": {
"type": "boolean"
},
"headers": {
"type": "boolean"
}
},
"type": "object"
},
"response": {
"properties": {
"body": {
"type": "boolean"
},
"headers": {
"type": "boolean"
}
},
"type": "object"
}
},
"required": [
"level"
],
"type": "object"
}
},
"required": [
"enabled"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -0,0 +1,352 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"elasticsearchRef": {
"properties": {
"name": {
"minLength": 1,
"type": "string"
}
},
"type": "object"
},
"policies": {
"items": {
"properties": {
"deciders": {
"additionalProperties": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"type": "object"
},
"name": {
"type": "string"
},
"resources": {
"properties": {
"cpu": {
"properties": {
"max": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"min": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"requestsToLimitsRatio": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
}
},
"required": [
"max",
"min"
],
"type": "object"
},
"memory": {
"properties": {
"max": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"min": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"requestsToLimitsRatio": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
}
},
"required": [
"max",
"min"
],
"type": "object"
},
"nodeCount": {
"properties": {
"max": {
"format": "int32",
"type": "integer"
},
"min": {
"format": "int32",
"type": "integer"
}
},
"required": [
"max",
"min"
],
"type": "object"
},
"storage": {
"properties": {
"max": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"min": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"requestsToLimitsRatio": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
}
},
"required": [
"max",
"min"
],
"type": "object"
}
},
"required": [
"nodeCount"
],
"type": "object"
},
"roles": {
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"resources"
],
"type": "object"
},
"type": "array"
},
"pollingPeriod": {
"type": "string"
}
},
"required": [
"elasticsearchRef",
"policies"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"type": "string"
},
"status": {
"type": "string"
},
"type": {
"type": "string"
}
},
"required": [
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"policies": {
"items": {
"properties": {
"lastModificationTime": {
"format": "date-time",
"type": "string"
},
"name": {
"type": "string"
},
"nodeSets": {
"items": {
"properties": {
"name": {
"type": "string"
},
"nodeCount": {
"format": "int32",
"type": "integer"
}
},
"required": [
"name",
"nodeCount"
],
"type": "object"
},
"type": "array"
},
"resources": {
"properties": {
"limits": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"type": "object"
},
"requests": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"type": "object"
}
},
"type": "object"
},
"state": {
"items": {
"properties": {
"messages": {
"items": {
"type": "string"
},
"type": "array"
},
"type": {
"type": "string"
}
},
"required": [
"messages",
"type"
],
"type": "object"
},
"type": "array"
}
},
"required": [
"name"
],
"type": "object"
},
"type": "array"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,301 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"config": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"configRef": {
"properties": {
"secretName": {
"type": "string"
}
},
"type": "object"
},
"daemonSet": {
"properties": {
"podTemplate": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"updateStrategy": {
"properties": {
"rollingUpdate": {
"properties": {
"maxSurge": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
},
"maxUnavailable": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
}
},
"type": "object"
},
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"deployment": {
"properties": {
"podTemplate": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"replicas": {
"format": "int32",
"type": "integer"
},
"strategy": {
"properties": {
"rollingUpdate": {
"properties": {
"maxSurge": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
},
"maxUnavailable": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"x-kubernetes-int-or-string": true
}
},
"type": "object"
},
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"elasticsearchRef": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"secretName": {
"type": "string"
},
"serviceName": {
"type": "string"
}
},
"type": "object"
},
"image": {
"type": "string"
},
"kibanaRef": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"secretName": {
"type": "string"
},
"serviceName": {
"type": "string"
}
},
"type": "object"
},
"monitoring": {
"properties": {
"logs": {
"properties": {
"elasticsearchRefs": {
"items": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"secretName": {
"type": "string"
},
"serviceName": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
},
"type": "object"
},
"metrics": {
"properties": {
"elasticsearchRefs": {
"items": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"secretName": {
"type": "string"
},
"serviceName": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
},
"type": "object"
}
},
"type": "object"
},
"revisionHistoryLimit": {
"format": "int32",
"type": "integer"
},
"secureSettings": {
"items": {
"properties": {
"entries": {
"items": {
"properties": {
"key": {
"type": "string"
},
"path": {
"type": "string"
}
},
"required": [
"key"
],
"type": "object"
},
"type": "array"
},
"secretName": {
"type": "string"
}
},
"required": [
"secretName"
],
"type": "object"
},
"type": "array"
},
"serviceAccountName": {
"type": "string"
},
"type": {
"maxLength": 20,
"pattern": "[a-zA-Z0-9-]+",
"type": "string"
},
"version": {
"type": "string"
}
},
"required": [
"type",
"version"
],
"type": "object"
},
"status": {
"properties": {
"availableNodes": {
"format": "int32",
"type": "integer"
},
"elasticsearchAssociationStatus": {
"type": "string"
},
"expectedNodes": {
"format": "int32",
"type": "integer"
},
"health": {
"type": "string"
},
"kibanaAssociationStatus": {
"type": "string"
},
"monitoringAssociationStatus": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"version": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
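Review bot: the `spec.type` pattern (`"pattern": "[a-zA-Z0-9-]+"`) has no `^`/`$` anchors, and JSON Schema patterns match anywhere in the string, so any value containing one alphanumeric character or hyphen passes and only `maxLength: 20` constrains it. Anchor it as `^[a-zA-Z0-9-]+$`, in the source this schema is generated from if the file is generated. Separately, `config` and both `podTemplate` fields set `x-kubernetes-preserve-unknown-fields`, so nothing under them is checked by this schema and pod security settings placed there need a separate policy check.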
@@ -0,0 +1,96 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"clusterRef": {
"type": "string"
},
"entries": {
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
}
},
"required": [
"entries"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"ready": {
"type": "boolean"
}
},
"type": "object"
}
},
"type": "object"
}
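Review bot: `spec.required` lists only `entries`, so an object with no `clusterRef` validates, while several sibling schemas in this change that carry `clusterRef` mark it required. Add `clusterRef` to `required` if an ACL not bound to a cluster is not meaningful. The `entries` items are also unconstrained strings, so a mistyped CIDR or ACL name is not caught by schema validation; a `pattern` on the items would close that gap.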
@@ -0,0 +1,106 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"clusterRef": {
"type": "string"
},
"defaultPrimaries": {
"items": {
"type": "string"
},
"type": "array"
},
"transferKeyRef": {
"type": "string"
},
"zoneName": {
"type": "string"
}
},
"required": [
"clusterRef",
"zoneName"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"memberCount": {
"format": "int32",
"type": "integer"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"ready": {
"type": "boolean"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,898 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"affinity": {
"properties": {
"nodeAffinity": {
"properties": {
"preferredDuringSchedulingIgnoredDuringExecution": {
"items": {
"properties": {
"preference": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchFields": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"weight": {
"format": "int32",
"type": "integer"
}
},
"required": [
"preference",
"weight"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"requiredDuringSchedulingIgnoredDuringExecution": {
"properties": {
"nodeSelectorTerms": {
"items": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchFields": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"nodeSelectorTerms"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
},
"podAffinity": {
"properties": {
"preferredDuringSchedulingIgnoredDuringExecution": {
"items": {
"properties": {
"podAffinityTerm": {
"properties": {
"labelSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"matchLabelKeys": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"mismatchLabelKeys": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"namespaceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"namespaces": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"topologyKey": {
"type": "string"
}
},
"required": [
"topologyKey"
],
"type": "object"
},
"weight": {
"format": "int32",
"type": "integer"
}
},
"required": [
"podAffinityTerm",
"weight"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"requiredDuringSchedulingIgnoredDuringExecution": {
"items": {
"properties": {
"labelSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"matchLabelKeys": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"mismatchLabelKeys": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"namespaceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"namespaces": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"topologyKey": {
"type": "string"
}
},
"required": [
"topologyKey"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"type": "object"
},
"podAntiAffinity": {
"properties": {
"preferredDuringSchedulingIgnoredDuringExecution": {
"items": {
"properties": {
"podAffinityTerm": {
"properties": {
"labelSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"matchLabelKeys": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"mismatchLabelKeys": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"namespaceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"namespaces": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"topologyKey": {
"type": "string"
}
},
"required": [
"topologyKey"
],
"type": "object"
},
"weight": {
"format": "int32",
"type": "integer"
}
},
"required": [
"podAffinityTerm",
"weight"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"requiredDuringSchedulingIgnoredDuringExecution": {
"items": {
"properties": {
"labelSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"matchLabelKeys": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"mismatchLabelKeys": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"namespaceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"namespaces": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"topologyKey": {
"type": "string"
}
},
"required": [
"topologyKey"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"type": "object"
}
},
"type": "object"
},
"allowNewZones": {
"default": true,
"type": "boolean"
},
"catalogZoneRef": {
"type": "string"
},
"extraOptions": {
"items": {
"type": "string"
},
"type": "array"
},
"forwarders": {
"items": {
"type": "string"
},
"type": "array"
},
"image": {
"default": "internetsystemsconsortium/bind9:9.20",
"type": "string"
},
"imagePullPolicy": {
"type": "string"
},
"mode": {
"default": "authoritative",
"enum": [
"authoritative",
"resolver"
],
"type": "string"
},
"nodeSelector": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"recursion": {
"type": "boolean"
},
"replicas": {
"default": 3,
"format": "int32",
"minimum": 1,
"type": "integer"
},
"resources": {
"properties": {
"claims": {
"items": {
"properties": {
"name": {
"type": "string"
},
"request": {
"type": "string"
}
},
"required": [
"name"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map"
},
"limits": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"type": "object"
},
"requests": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"type": "object"
}
},
"type": "object"
},
"service": {
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"loadBalancerIP": {
"type": "string"
},
"type": {
"enum": [
"ClusterIP",
"LoadBalancer",
"NodePort"
],
"type": "string"
}
},
"type": "object"
},
"storageClassName": {
"type": "string"
},
"storageSize": {
"default": "1Gi",
"type": "string"
},
"tolerations": {
"items": {
"properties": {
"effect": {
"type": "string"
},
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"tolerationSeconds": {
"format": "int64",
"type": "integer"
},
"value": {
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
},
"required": [
"mode"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"phase": {
"type": "string"
},
"primaryPod": {
"type": "string"
},
"primaryService": {
"type": "string"
},
"readyReplicas": {
"format": "int32",
"type": "integer"
},
"replicas": {
"format": "int32",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
}
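Review bot: the `spec.image` default `internetsystemsconsortium/bind9:9.20` is a mutable tag, so the same manifest can resolve to different BIND builds over time. Set `image` explicitly in the overlay and pin it by digest rather than relying on this default. Also, `extraOptions` is an array of unconstrained strings: anything passed through it, such as the `allow-query` statement this change series adds, gets no validation from this schema and needs review by hand.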
@@ -0,0 +1,160 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"algorithm": {
"default": "ecdsap256sha256",
"type": "string"
},
"clusterRef": {
"type": "string"
},
"csk": {
"properties": {
"algorithm": {
"type": "string"
},
"keySize": {
"format": "int32",
"type": "integer"
},
"lifetime": {
"type": "string"
}
},
"type": "object"
},
"extraOptions": {
"items": {
"type": "string"
},
"type": "array"
},
"ksk": {
"properties": {
"algorithm": {
"type": "string"
},
"keySize": {
"format": "int32",
"type": "integer"
},
"lifetime": {
"type": "string"
}
},
"type": "object"
},
"maxZoneTTL": {
"type": "string"
},
"nsec3": {
"type": "boolean"
},
"policyName": {
"type": "string"
},
"signaturesValidity": {
"type": "string"
},
"zsk": {
"properties": {
"algorithm": {
"type": "string"
},
"keySize": {
"format": "int32",
"type": "integer"
},
"lifetime": {
"type": "string"
}
},
"type": "object"
}
},
"required": [
"clusterRef"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"ready": {
"type": "boolean"
},
"zoneCount": {
"format": "int32",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
}
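Review bot: `spec.algorithm` and the `algorithm` fields under `csk`, `ksk` and `zsk` are bare strings with no `enum`, and `keySize` has no `minimum`, so a misspelled or deprecated algorithm or an undersized key passes validation. Constrain `algorithm` to the values you intend to allow (the default here is `ecdsap256sha256`) and put a lower bound on `keySize`.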
@@ -0,0 +1,154 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"clusterRef": {
"type": "string"
},
"order": {
"default": 100,
"format": "int32",
"type": "integer"
},
"primaries": {
"items": {
"type": "string"
},
"type": "array"
},
"rules": {
"items": {
"properties": {
"action": {
"default": "nxdomain",
"enum": [
"nxdomain",
"nodata",
"passthru",
"drop",
"tcp-only",
"cname"
],
"type": "string"
},
"match": {
"type": "string"
},
"target": {
"type": "string"
},
"trigger": {
"default": "qname",
"enum": [
"qname",
"client-ip",
"ip",
"nsdname",
"nsip"
],
"type": "string"
}
},
"required": [
"match"
],
"type": "object"
},
"type": "array"
},
"transferKeyRef": {
"type": "string"
},
"viewRef": {
"type": "string"
},
"zoneName": {
"type": "string"
}
},
"required": [
"clusterRef",
"zoneName"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"ready": {
"type": "boolean"
},
"ruleCount": {
"format": "int32",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
}
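Review bot: in `rules[]`, the `action` enum allows `cname` but `target` is optional and nothing ties the two together, so a `cname` rule with no `target` validates; only `match` is required. Require `target` when `action` is `cname`, either in the CRD's validation or in the controller, so the mistake is rejected before the policy zone is rendered.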
@@ -0,0 +1,113 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"algorithm": {
"default": "hmac-sha256",
"enum": [
"hmac-sha256",
"hmac-sha512",
"hmac-sha384",
"hmac-sha224",
"hmac-sha1",
"hmac-md5"
],
"type": "string"
},
"clusterRef": {
"type": "string"
},
"importExisting": {
"type": "boolean"
},
"keyName": {
"type": "string"
},
"secretName": {
"type": "string"
}
},
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"keyName": {
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"ready": {
"type": "boolean"
},
"secretName": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
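Review bot: the `spec.algorithm` enum still accepts `hmac-md5` and `hmac-sha1`, and `spec` has no `required` list, so a key object with no `clusterRef` or `keyName` validates. Drop the two weak algorithms from the enum, or reject them with a CI policy check, and mark the fields a key cannot work without as required.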
@@ -0,0 +1,125 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowQuery": {
"items": {
"type": "string"
},
"type": "array"
},
"clusterRef": {
"type": "string"
},
"extraOptions": {
"items": {
"type": "string"
},
"type": "array"
},
"matchClients": {
"items": {
"type": "string"
},
"type": "array"
},
"matchDestinations": {
"items": {
"type": "string"
},
"type": "array"
},
"order": {
"default": 100,
"format": "int32",
"type": "integer"
},
"recursion": {
"type": "boolean"
}
},
"required": [
"clusterRef"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"ready": {
"type": "boolean"
},
"zoneCount": {
"format": "int32",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
}
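Review bot: `spec.recursion` is a boolean with no `default`, so the schema does not say what a view gets when the field is omitted. For a view that fronts authoritative zones, set `recursion: false` explicitly in the manifest or give the field a default. `allowQuery`, `matchClients` and `matchDestinations` are likewise unconstrained strings, so address-list typos are not caught at validation time.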
@@ -0,0 +1,186 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowTransfer": {
"items": {
"type": "string"
},
"type": "array"
},
"catalog": {
"default": true,
"type": "boolean"
},
"clusterRef": {
"type": "string"
},
"defaultTTL": {
"default": 3600,
"format": "int32",
"type": "integer"
},
"dnssecPolicyRef": {
"type": "string"
},
"dynamicUpdate": {
"type": "boolean"
},
"forwarders": {
"items": {
"type": "string"
},
"type": "array"
},
"primaries": {
"items": {
"type": "string"
},
"type": "array"
},
"records": {
"items": {
"properties": {
"name": {
"default": "@",
"type": "string"
},
"ttl": {
"format": "int32",
"type": "integer"
},
"type": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
}
},
"required": [
"type",
"values"
],
"type": "object"
},
"type": "array"
},
"transferKeyRef": {
"type": "string"
},
"type": {
"default": "primary",
"enum": [
"primary",
"secondary",
"forward",
"stub"
],
"type": "string"
},
"updateKeyRef": {
"type": "string"
},
"viewRef": {
"type": "string"
},
"zoneName": {
"type": "string"
}
},
"required": [
"clusterRef",
"zoneName"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"phase": {
"type": "string"
},
"recordCount": {
"format": "int32",
"type": "integer"
},
"serial": {
"format": "int64",
"type": "integer"
},
"signed": {
"type": "boolean"
}
},
"type": "object"
}
},
"type": "object"
}
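Review bot: nothing under `spec` ties `dynamicUpdate` to `updateKeyRef`, or `type: secondary` to `primaries`. Only `clusterRef` and `zoneName` are required, so a zone with `dynamicUpdate: true` and no update key validates. If the operator rejects that combination at reconcile time, a description saying so would be enough; otherwise it wants a validation rule. `allowTransfer` has no documented default either, so the schema does not show who can transfer a zone that omits it.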
@@ -0,0 +1,112 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"name": {
"default": "@",
"type": "string"
},
"ttl": {
"format": "int32",
"type": "integer"
},
"type": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
},
"zoneRef": {
"type": "string"
}
},
"required": [
"type",
"values",
"zoneRef"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"fqdn": {
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"phase": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
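Review bot: `spec.type` is a free string and `spec.ttl` has no `minimum`, so a mistyped record type or a negative TTL passes validation. The zone schema's `spec.type` already uses an `enum`; an `enum` of supported record types here and `"minimum": 0` on `ttl` would catch both. The `records` items in the zone schema have the same shape and the same gap.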
@@ -0,0 +1,222 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"chart": {
"nullable": true,
"properties": {
"metadata": {
"nullable": true,
"properties": {
"annotations": {
"additionalProperties": {
"nullable": true,
"type": "string"
},
"nullable": true,
"type": "object"
},
"apiVersion": {
"nullable": true,
"type": "string"
},
"appVersion": {
"nullable": true,
"type": "string"
},
"condition": {
"nullable": true,
"type": "string"
},
"deprecated": {
"type": "boolean"
},
"home": {
"nullable": true,
"type": "string"
},
"icon": {
"nullable": true,
"type": "string"
},
"keywords": {
"items": {
"nullable": true,
"type": "string"
},
"nullable": true,
"type": "array"
},
"kubeVersion": {
"nullable": true,
"type": "string"
},
"maintainers": {
"items": {
"properties": {
"email": {
"nullable": true,
"type": "string"
},
"name": {
"nullable": true,
"type": "string"
},
"url": {
"nullable": true,
"type": "string"
}
},
"type": "object"
},
"nullable": true,
"type": "array"
},
"name": {
"nullable": true,
"type": "string"
},
"sources": {
"items": {
"nullable": true,
"type": "string"
},
"nullable": true,
"type": "array"
},
"tags": {
"nullable": true,
"type": "string"
},
"type": {
"nullable": true,
"type": "string"
},
"version": {
"nullable": true,
"type": "string"
}
},
"type": "object"
},
"values": {
"nullable": true,
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
}
},
"type": "object"
},
"helmVersion": {
"type": "integer"
},
"info": {
"nullable": true,
"properties": {
"deleted": {
"nullable": true,
"type": "string"
},
"firstDeployed": {
"nullable": true,
"type": "string"
},
"lastDeployed": {
"nullable": true,
"type": "string"
},
"notes": {
"nullable": true,
"type": "string"
},
"readme": {
"nullable": true,
"type": "string"
},
"status": {
"nullable": true,
"type": "string"
}
},
"type": "object"
},
"name": {
"nullable": true,
"type": "string"
},
"namespace": {
"nullable": true,
"type": "string"
},
"resources": {
"items": {
"properties": {
"apiVersion": {
"nullable": true,
"type": "string"
},
"kind": {
"nullable": true,
"type": "string"
},
"name": {
"nullable": true,
"type": "string"
},
"namespace": {
"nullable": true,
"type": "string"
}
},
"type": "object"
},
"nullable": true,
"type": "array"
},
"values": {
"nullable": true,
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"version": {
"type": "integer"
}
},
"type": "object"
},
"status": {
"properties": {
"observedGeneration": {
"type": "integer"
},
"summary": {
"properties": {
"error": {
"type": "boolean"
},
"state": {
"nullable": true,
"type": "string"
},
"transitioning": {
"type": "boolean"
}
},
"type": "object"
}
},
"type": "object"
}
},
"type": "object"
}
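Review bot: this file declares `$schema` draft-07 but marks most fields with `"nullable": true` (for example `spec.chart`, `spec.info`, `spec.name`), which is an OpenAPI keyword and not part of draft-07. A draft-07 validator ignores it and rejects an explicit `null` against `"type": "string"` or `"type": "object"`. If null values are meant to validate, the types need to be unions that include `"null"`; if nulls are not expected in manifests, dropping `nullable` keeps the schema accurate.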
@@ -0,0 +1,163 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"basicAuthSecretName": {
"type": "string"
},
"caBundle": {
"format": "byte",
"type": "string"
},
"clientSecret": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
}
},
"type": "object"
},
"disableSameOriginCheck": {
"type": "boolean"
},
"enabled": {
"type": "boolean"
},
"exponentialBackOffValues": {
"properties": {
"maxRetries": {
"type": "integer"
},
"maxWait": {
"type": "integer"
},
"minWait": {
"type": "integer"
}
},
"type": "object"
},
"forceUpdate": {
"format": "date-time",
"type": "string"
},
"gitBranch": {
"type": "string"
},
"gitRepo": {
"type": "string"
},
"insecurePlainHttp": {
"type": "boolean"
},
"insecureSkipTLSVerify": {
"type": "boolean"
},
"refreshInterval": {
"type": "integer"
},
"serviceAccount": {
"type": "string"
},
"serviceAccountNamespace": {
"type": "string"
},
"url": {
"type": "string"
}
},
"type": "object"
},
"status": {
"properties": {
"branch": {
"type": "string"
},
"commit": {
"type": "string"
},
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"type": "string"
},
"lastUpdateTime": {
"type": "string"
},
"message": {
"type": "string"
},
"reason": {
"type": "string"
},
"status": {
"type": "string"
},
"type": {
"type": "string"
}
},
"required": [
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"downloadTime": {
"format": "date-time",
"type": "string"
},
"indexConfigMapName": {
"type": "string"
},
"indexConfigMapNamespace": {
"type": "string"
},
"indexConfigMapResourceVersion": {
"type": "string"
},
"nextRetryAt": {
"format": "date-time",
"type": "string"
},
"numberOfRetries": {
"type": "integer"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"shouldNotSkip": {
"type": "boolean"
},
"url": {
"type": "string"
}
},
"required": [
"observedGeneration"
],
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
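Review bot: `spec.insecureSkipTLSVerify`, `spec.insecurePlainHttp` and `spec.disableSameOriginCheck` are plain booleans, so a repo manifest that turns off TLS verification validates cleanly. Schema validation cannot express intent here; suggest a policy check in the same pipeline that fails when any of the three is `true`, with an explicit exception where one is set deliberately. `spec.url` and `spec.gitRepo` carry no `format` or `pattern`, so an `http://` URL is not flagged either.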
@@ -0,0 +1,135 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"status": {
"properties": {
"action": {
"nullable": true,
"type": "string"
},
"automaticCPTolerations": {
"type": "boolean"
},
"chart": {
"nullable": true,
"type": "string"
},
"command": {
"items": {
"nullable": true,
"type": "string"
},
"nullable": true,
"type": "array"
},
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"nullable": true,
"type": "string"
},
"lastUpdateTime": {
"nullable": true,
"type": "string"
},
"message": {
"nullable": true,
"type": "string"
},
"reason": {
"nullable": true,
"type": "string"
},
"status": {
"nullable": true,
"type": "string"
},
"type": {
"nullable": true,
"type": "string"
}
},
"type": "object"
},
"nullable": true,
"type": "array"
},
"namespace": {
"nullable": true,
"type": "string"
},
"observedGeneration": {
"type": "integer"
},
"podCreated": {
"type": "boolean"
},
"podName": {
"nullable": true,
"type": "string"
},
"podNamespace": {
"nullable": true,
"type": "string"
},
"projectId": {
"nullable": true,
"type": "string"
},
"releaseName": {
"nullable": true,
"type": "string"
},
"token": {
"nullable": true,
"type": "string"
},
"tolerations": {
"items": {
"properties": {
"effect": {
"nullable": true,
"type": "string"
},
"key": {
"nullable": true,
"type": "string"
},
"operator": {
"nullable": true,
"type": "string"
},
"tolerationSeconds": {
"nullable": true,
"type": "integer"
},
"value": {
"nullable": true,
"type": "string"
}
},
"type": "object"
},
"nullable": true,
"type": "array"
},
"version": {
"nullable": true,
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
@@ -0,0 +1,84 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"plugin": {
"properties": {
"compressedEndpoint": {
"type": "string"
},
"endpoint": {
"type": "string"
},
"metadata": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"name": {
"type": "string"
},
"noAuth": {
"default": false,
"type": "boolean"
},
"noCache": {
"default": false,
"type": "boolean"
},
"version": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"status": {
"properties": {
"cacheState": {
"nullable": true,
"type": "string"
},
"error": {
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"ready": {
"default": false,
"type": "boolean"
},
"retryAt": {
"format": "date-time",
"type": "string"
},
"retryNumber": {
"type": "integer"
}
},
"required": [
"observedGeneration"
],
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
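Review bot: `spec` is required but `spec.plugin` and its `name`, `version` and `endpoint` are not, so `spec: {}` validates. `noAuth` defaults to `false`, which is the safe side, but nothing flags a manifest that sets it to `true` together with an arbitrary `endpoint` string. If plugin manifests are committed to this repo, a check that `endpoint` points at an expected host and that `noAuth` stays unset would be worth adding alongside the schema.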
@@ -0,0 +1,497 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"additionalOutputFormats": {
"items": {
"properties": {
"type": {
"enum": [
"DER",
"CombinedPEM"
],
"type": "string"
}
},
"required": [
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"commonName": {
"type": "string"
},
"dnsNames": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"duration": {
"type": "string"
},
"emailAddresses": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"encodeUsagesInRequest": {
"type": "boolean"
},
"ipAddresses": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"isCA": {
"type": "boolean"
},
"issuerRef": {
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"name"
],
"type": "object"
},
"keystores": {
"properties": {
"jks": {
"properties": {
"alias": {
"type": "string"
},
"create": {
"type": "boolean"
},
"password": {
"type": "string"
},
"passwordSecretRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"name"
],
"type": "object"
}
},
"required": [
"create"
],
"type": "object"
},
"pkcs12": {
"properties": {
"create": {
"type": "boolean"
},
"password": {
"type": "string"
},
"passwordSecretRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"name"
],
"type": "object"
},
"profile": {
"enum": [
"LegacyRC2",
"LegacyDES",
"Modern2023"
],
"type": "string"
}
},
"required": [
"create"
],
"type": "object"
}
},
"type": "object"
},
"literalSubject": {
"type": "string"
},
"nameConstraints": {
"properties": {
"critical": {
"type": "boolean"
},
"excluded": {
"properties": {
"dnsDomains": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"emailAddresses": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"ipRanges": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"uriDomains": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"type": "object"
},
"permitted": {
"properties": {
"dnsDomains": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"emailAddresses": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"ipRanges": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"uriDomains": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"type": "object"
}
},
"type": "object"
},
"otherNames": {
"items": {
"properties": {
"oid": {
"type": "string"
},
"utf8Value": {
"type": "string"
}
},
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"privateKey": {
"properties": {
"algorithm": {
"enum": [
"RSA",
"ECDSA",
"Ed25519"
],
"type": "string"
},
"encoding": {
"enum": [
"PKCS1",
"PKCS8"
],
"type": "string"
},
"rotationPolicy": {
"enum": [
"Never",
"Always"
],
"type": "string"
},
"size": {
"type": "integer"
}
},
"type": "object"
},
"renewBefore": {
"type": "string"
},
"renewBeforePercentage": {
"format": "int32",
"type": "integer"
},
"revisionHistoryLimit": {
"format": "int32",
"type": "integer"
},
"secretName": {
"type": "string"
},
"secretTemplate": {
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object"
},
"signatureAlgorithm": {
"enum": [
"SHA256WithRSA",
"SHA384WithRSA",
"SHA512WithRSA",
"ECDSAWithSHA256",
"ECDSAWithSHA384",
"ECDSAWithSHA512",
"PureEd25519"
],
"type": "string"
},
"subject": {
"properties": {
"countries": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"localities": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"organizationalUnits": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"organizations": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"postalCodes": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"provinces": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"serialNumber": {
"type": "string"
},
"streetAddresses": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"type": "object"
},
"uris": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"usages": {
"items": {
"enum": [
"signing",
"digital signature",
"content commitment",
"key encipherment",
"key agreement",
"data encipherment",
"cert sign",
"crl sign",
"encipher only",
"decipher only",
"any",
"server auth",
"client auth",
"code signing",
"email protection",
"s/mime",
"ipsec end system",
"ipsec tunnel",
"ipsec user",
"timestamping",
"ocsp signing",
"microsoft sgc",
"netscape sgc"
],
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"issuerRef",
"secretName"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"reason": {
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"type": "string"
}
},
"required": [
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"failedIssuanceAttempts": {
"type": "integer"
},
"lastFailureTime": {
"format": "date-time",
"type": "string"
},
"nextPrivateKeySecretName": {
"type": "string"
},
"notAfter": {
"format": "date-time",
"type": "string"
},
"notBefore": {
"format": "date-time",
"type": "string"
},
"renewalTime": {
"format": "date-time",
"type": "string"
},
"revision": {
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
}
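Review bot: `spec.keystores.jks.password` and `spec.keystores.pkcs12.password` accept a literal string next to `passwordSecretRef`, so a keystore password committed in a manifest passes validation. Suggest a lint in the pipeline that rejects the inline `password` field in favour of `passwordSecretRef`. The `pkcs12.profile` enum also admits `LegacyRC2` and `LegacyDES`, and `privateKey.size` has no `minimum`; both are worth a policy rule if keystores or RSA keys are requested from this repo.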
@@ -0,0 +1,159 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"duration": {
"type": "string"
},
"extra": {
"additionalProperties": {
"items": {
"type": "string"
},
"type": "array"
},
"type": "object"
},
"groups": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"isCA": {
"type": "boolean"
},
"issuerRef": {
"properties": {
"group": {
"type": "string"
},
"kind": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"name"
],
"type": "object"
},
"request": {
"format": "byte",
"type": "string"
},
"uid": {
"type": "string"
},
"usages": {
"items": {
"enum": [
"signing",
"digital signature",
"content commitment",
"key encipherment",
"key agreement",
"data encipherment",
"cert sign",
"crl sign",
"encipher only",
"decipher only",
"any",
"server auth",
"client auth",
"code signing",
"email protection",
"s/mime",
"ipsec end system",
"ipsec tunnel",
"ipsec user",
"timestamping",
"ocsp signing",
"microsoft sgc",
"netscape sgc"
],
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"username": {
"type": "string"
}
},
"required": [
"issuerRef",
"request"
],
"type": "object"
},
"status": {
"properties": {
"ca": {
"format": "byte",
"type": "string"
},
"certificate": {
"format": "byte",
"type": "string"
},
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"type": "string"
},
"reason": {
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"type": "string"
}
},
"required": [
"status",
"type"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"failureTime": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
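Review bot: `spec.isCA` and the `usages` enum (which includes `cert sign`, `crl sign` and `any`) are unrestricted, and only `issuerRef` and `request` are required, so a request for a CA certificate validates like any other. If CertificateRequest manifests are ever committed here, a policy rule limiting `isCA: true` and the signing usages to named issuers belongs next to this schema.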
File diff suppressed because it is too large
File diff suppressed because it is too large

Some files were not shown because too many files have changed in this diff