Compare commits

..

3 Commits

Author SHA1 Message Date
unkinben 01e73c3a21 Pull bind CRDs from operator repo instead of vendoring
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline failed
References the CRD bundle from the bind-operator repo by a stable raw URL
so the CRDs never drift from the operator, matching how other apps import
upstream manifests.

- replace the nine vendored crds/*.yaml with a single remote resource:
  git.unkin.net/unkin/bind-operator raw config/crd/install.yaml at v0.1.1
- bump the operator image to v0.1.1 so the running operator and its CRDs
  come from the same tag
2026-07-03 18:56:48 +10:00
unkinben c57b115400 Make external-dns tier authoritative (drop dynamic mode)
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
The dynamic cluster mode was removed from the operator; RFC2136 update
capability is a per-zone property, not a cluster role. The external-dns
tier is an authoritative cluster whose zones set dynamicUpdate.

- switch binddns-externaldns BindCluster to mode authoritative
- regenerate bindcluster schema (enum: authoritative, resolver)
2026-07-03 18:36:04 +10:00
unkinben d11c2900de Deploy bind-operator and three BIND DNS tiers
Adds the bind-operator and the three BindClusters that replace the
Puppet-managed BIND estate (authoritative / resolver / external-dns).

- add apps/base/bind-system: 9 CRDs, operator Deployment, RBAC (ns bind-system)
- add apps/base/binddns-auth: authoritative BindCluster + catalog zone + TSIG key
- add apps/base/binddns-resolver: recursive-resolver BindCluster with forwarders
- add apps/base/binddns-externaldns: dynamic (RFC2136) BindCluster + TSIG key
- add au-syd1 overlays for all four apps
- register the four apps in the platform ApplicationSet
- add binddns-* namespaces to the platform AppProject destinations
- add schemas/bind.unkin.net/*.json so kubeconform validates the new CRs

DNS Services are LoadBalancer via PureLB. TSIG key material is generated by
the operator into Secrets at runtime (no plain Secrets in git).
2026-07-03 17:48:45 +10:00
81 changed files with 392 additions and 14481 deletions
+1 -1
View File
@@ -35,7 +35,7 @@ spec:
mountPath: /combined-certs
containers:
- name: api
image: git.unkin.net/unkin/artifactapi:v3.7.6
image: git.unkin.net/unkin/artifactapi:v3.7.3
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
+1 -1
View File
@@ -22,7 +22,7 @@ spec:
automountServiceAccountToken: true
containers:
- name: ui
image: git.unkin.net/unkin/artifactapi-ui:v3.7.6
image: git.unkin.net/unkin/artifactapi-ui:v3.7.3
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
@@ -1,26 +0,0 @@
---
# Internal client networks allowed to query the authoritative servers,
# mirrored from the puppet authoritative /etc/named/acls.conf
# (acl-main.unkin.net). Named auth-acl-main because the resolver has its own,
# differently-scoped acl-main.unkin.net in the same namespace.
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: auth-acl-main
namespace: bind-internal
spec:
clusterRef: bind-authoritative
entries:
- 198.18.13.0/24
- 198.18.14.0/24
- 198.18.15.0/24
- 198.18.16.0/24
- 198.18.17.0/24
- 198.18.19.0/24
- 198.18.20.0/24
- 198.18.24.0/24
- 198.18.25.0/24
- 198.18.26.0/24
- 198.18.27.0/24
- 198.18.28.0/24
- 198.18.29.0/24
@@ -1,49 +0,0 @@
---
# Authoritative masters (replaces the 3x Puppet authoritative servers).
# pod-0 is the primary; pods 1-2 replicate via the catalog zone + AXFR/IXFR.
apiVersion: bind.unkin.net/v1alpha1
kind: BindCluster
metadata:
name: bind-authoritative
namespace: bind-internal
spec:
mode: authoritative
replicas: 3
storageClassName: cephrbd-fast-delete
storageSize: 2Gi
# Restrict queries to internal networks (puppet acl-main.unkin.net).
# 10.42.0.0/16 (pod net) is required so secondaries can SOA-refresh
# from the primary during catalog replication.
extraOptions:
- "allow-query { auth-acl-main; 10.42.0.0/16; }"
service:
type: LoadBalancer
externalTrafficPolicy: Local
annotations:
purelb.io/service-group: common
purelb.io/addresses: 198.18.200.6
external-dns.alpha.kubernetes.io/hostname: bind-authoritative.k8s.syd1.au.unkin.net
primaryService:
type: LoadBalancer
annotations:
purelb.io/service-group: common
purelb.io/addresses: 198.18.200.9
external-dns.alpha.kubernetes.io/hostname: bind-authoritative-primary.k8s.syd1.au.unkin.net
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: "1"
memory: 512Mi
---
# Catalog zone so new BindZones auto-provision onto the secondaries.
apiVersion: bind.unkin.net/v1alpha1
kind: BindCatalogZone
metadata:
name: bind-authoritative-catalog
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: catalog.internal
transferKeyRef: transfer-key
@@ -1,204 +0,0 @@
# Authoritative zones migrated from puppet-prod
# (profiles::dns::master::zones in hieradata/roles/infra/dns/master.yaml).
# type primary, static (puppet dynamic:false); TTL 600 as in the puppet zone header.
# Record data is populated by PuppetDB exported resources upstream, so it is
# NOT in this repo — migrate it into these zones (AXFR from the current masters,
# or DNSRecord CRs) as a follow-up. The zones start with SOA+NS only.
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: unkin-net
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: unkin.net
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: main-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: main.unkin.net
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 13-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 13.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 14-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 14.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 15-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 15.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 16-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 16.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 17-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 17.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 19-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 19.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 20-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 20.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 21-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 21.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 22-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 22.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 23-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 23.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 24-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 24.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 25-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 25.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 26-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 26.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 27-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 27.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 28-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 28.18.198.in-addr.arpa
type: primary
defaultTTL: 600
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 29-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-authoritative
zoneName: 29.18.198.in-addr.arpa
type: primary
defaultTTL: 600
@@ -1,42 +0,0 @@
---
# external-dns tier (replaces the 3x Puppet external-dns servers). An ordinary
# authoritative cluster; external-dns writes to its zones via RFC2136 because
# those BindZones set dynamicUpdate (allow-update { key externaldns-key; }).
apiVersion: bind.unkin.net/v1alpha1
kind: BindCluster
metadata:
name: bind-externaldns
namespace: bind-internal
spec:
mode: authoritative
replicas: 3
storageClassName: cephrbd-fast-delete
storageSize: 1Gi
service:
type: LoadBalancer
externalTrafficPolicy: Local
annotations:
purelb.io/service-group: common
purelb.io/addresses: 198.18.200.8
external-dns.alpha.kubernetes.io/hostname: bind-externaldns.k8s.syd1.au.unkin.net
primaryService:
type: ClusterIP
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: "1"
memory: 512Mi
---
# Catalog zone so the dynamic zones replicate onto the cluster's secondaries
# (external-dns writes to the primary; secondaries IXFR the result).
apiVersion: bind.unkin.net/v1alpha1
kind: BindCatalogZone
metadata:
name: bind-externaldns-catalog
namespace: bind-internal
spec:
clusterRef: bind-externaldns
zoneName: catalog.externaldns.internal
transferKeyRef: externaldns-key
@@ -1,34 +0,0 @@
# k8s external-dns zones migrated from puppet-prod
# (externaldns::k8s_zones in hieradata/roles/infra/dns/externaldns.yaml).
# Primary + dynamicUpdate: the Kubernetes external-dns controller writes
# records here via RFC2136 authenticated with externaldns-key.
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: k8s-syd1-au-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-externaldns
zoneName: k8s.syd1.au.unkin.net
type: primary
defaultTTL: 600
dynamicUpdate: true
updateKeyRef: externaldns-key
allowTransfer:
- key externaldns-key
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: 200-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-externaldns
zoneName: 200.18.198.in-addr.arpa
type: primary
defaultTTL: 600
dynamicUpdate: true
updateKeyRef: externaldns-key
allowTransfer:
- key externaldns-key
@@ -1,9 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- authoritative
- resolvers
- externaldns
@@ -1,65 +0,0 @@
# Internal client ACLs, mirrored from puppet /etc/named/acls.conf.
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: acl-main.unkin.net
namespace: bind-internal
spec:
clusterRef: bind-resolvers
entries:
- 198.18.1.10/32
- 198.18.2.160/27
- 198.18.21.160/27
- 198.18.2.192/27
- 198.18.21.192/27
- 198.18.13.0/24
- 198.18.14.0/24
- 198.18.15.0/24
- 198.18.16.0/24
- 198.18.17.0/24
- 198.18.18.0/24
- 198.18.19.0/24
- 198.18.20.0/24
- 198.18.21.0/24
- 198.18.22.0/24
- 198.18.23.0/24
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: acl-dmz
namespace: bind-internal
spec:
clusterRef: bind-resolvers
entries:
- 198.18.24.0/24
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: acl-common
namespace: bind-internal
spec:
clusterRef: bind-resolvers
entries:
- 198.18.25.0/24
- 198.18.26.0/24
- 198.18.27.0/24
- 198.18.28.0/24
- 198.18.29.0/24
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: acl-nomad-jobs
namespace: bind-internal
spec:
clusterRef: bind-resolvers
entries:
- 198.18.64.0/24
- 198.18.65.0/24
- 198.18.66.0/24
- 198.18.67.0/24
- 198.18.68.0/24
- 198.18.69.0/24
@@ -1,284 +0,0 @@
# Conditional forward zones, from the puppet openforwarder view.
# Upstreams: unkin authoritative 198.18.200.6, consul 198.18.19.14, k8s 198.18.200.8.
# k8s -> in-cluster bind-externaldns 198.18.200.8.
# (Zones that forwarded to 10.10.16.x were dropped; consul left as-is.)
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: unkin.net
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-main-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: main.unkin.net
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-consul
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: consul
type: forward
catalog: false
forwarders:
- 198.18.19.14
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-k8s-syd1-au-unkin-net
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: k8s.syd1.au.unkin.net
type: forward
catalog: false
forwarders:
- 198.18.200.8
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-13-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 13.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-14-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 14.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-15-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 15.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-16-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 16.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-17-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 17.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-19-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 19.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-20-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 20.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-21-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 21.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-22-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 22.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-23-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 23.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-24-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 24.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-25-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 25.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-26-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 26.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-27-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 27.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-28-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 28.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
---
apiVersion: bind.unkin.net/v1alpha1
kind: BindZone
metadata:
name: fwd-29-18-198-in-addr-arpa
namespace: bind-internal
spec:
clusterRef: bind-resolvers
viewRef: openforwarder
zoneName: 29.18.198.in-addr.arpa
type: forward
catalog: false
forwarders:
- 198.18.200.6
@@ -1,9 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml
- acls.yaml
- view.yaml
- forward-zones.yaml
@@ -1,23 +0,0 @@
---
# openforwarder view, mirrored from puppet /etc/named/views.conf.
# match-clients gates access to internal networks; recursion/query are 'any'
# within the view since match-clients already restricts who reaches it.
apiVersion: bind.unkin.net/v1alpha1
kind: BindView
metadata:
name: openforwarder
namespace: bind-internal
spec:
clusterRef: bind-resolvers
order: 100
matchClients:
- acl-main.unkin.net
- acl-nomad-jobs
- acl-common
- acl-dmz
recursion: true
allowQuery:
- any
extraOptions:
- "allow-recursion { any; }"
- "allow-query-cache { any; }"
+1 -1
View File
@@ -21,7 +21,7 @@ spec:
runAsNonRoot: true
containers:
- name: operator
image: git.unkin.net/unkin/bind-operator:v0.1.5
image: git.unkin.net/unkin/bind-operator:v0.1.1
args:
- --metrics-bind-address=:8080
- --health-probe-bind-address=:8081
+1 -1
View File
@@ -6,6 +6,6 @@ resources:
- namespace.yaml
# CRDs are pulled from the bind-operator repo at the matching tag rather than
# vendored here, so they never drift from the operator.
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.5/config/crd/install.yaml
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.1/config/crd/install.yaml
- rbac.yaml
- deployment.yaml
+36
View File
@@ -0,0 +1,36 @@
---
# Authoritative masters (replaces the 3x Puppet authoritative servers).
# pod-0 is the primary; pods 1-2 replicate via the catalog zone + AXFR/IXFR.
apiVersion: bind.unkin.net/v1alpha1
kind: BindCluster
metadata:
name: auth
namespace: binddns-auth
spec:
mode: authoritative
replicas: 3
storageClassName: cephrbd-fast-delete
storageSize: 2Gi
service:
type: LoadBalancer
annotations:
purelb.io/service-group: common
external-dns.alpha.kubernetes.io/hostname: ns-auth.k8s.syd1.au.unkin.net
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: "1"
memory: 512Mi
---
# Catalog zone so new BindZones auto-provision onto the secondaries.
apiVersion: bind.unkin.net/v1alpha1
kind: BindCatalogZone
metadata:
name: auth-catalog
namespace: binddns-auth
spec:
clusterRef: auth
zoneName: catalog.internal
transferKeyRef: transfer-key
@@ -3,6 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml
- namespace.yaml
- tsigkey.yaml
- zones.yaml
- cluster.yaml
@@ -2,4 +2,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: encapi
name: binddns-auth
@@ -5,7 +5,6 @@ apiVersion: bind.unkin.net/v1alpha1
kind: BindTSIGKey
metadata:
name: transfer-key
namespace: bind-internal
namespace: binddns-auth
spec:
clusterRef: bind-authoritative
algorithm: hmac-sha256
@@ -0,0 +1,26 @@
---
# external-dns tier (replaces the 3x Puppet external-dns servers). An ordinary
# authoritative cluster; external-dns writes to its zones via RFC2136 because
# those BindZones set dynamicUpdate (allow-update { key externaldns-key; }).
apiVersion: bind.unkin.net/v1alpha1
kind: BindCluster
metadata:
name: externaldns
namespace: binddns-externaldns
spec:
mode: authoritative
replicas: 3
storageClassName: cephrbd-fast-delete
storageSize: 1Gi
service:
type: LoadBalancer
annotations:
purelb.io/service-group: dmz
external-dns.alpha.kubernetes.io/hostname: ns-ext.k8s.syd1.au.unkin.net
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: "1"
memory: 512Mi
@@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml
- namespace.yaml
- tsigkey.yaml
- zones.yaml
- acls.yaml
- cluster.yaml
@@ -2,4 +2,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: jellyfin
name: binddns-externaldns
@@ -5,7 +5,6 @@ apiVersion: bind.unkin.net/v1alpha1
kind: BindTSIGKey
metadata:
name: externaldns-key
namespace: bind-internal
namespace: binddns-externaldns
spec:
clusterRef: bind-externaldns
algorithm: hmac-sha256
@@ -4,8 +4,8 @@
apiVersion: bind.unkin.net/v1alpha1
kind: BindCluster
metadata:
name: bind-resolvers
namespace: bind-internal
name: resolver
namespace: binddns-resolver
spec:
mode: resolver
replicas: 3
@@ -13,14 +13,12 @@ spec:
storageSize: 1Gi
service:
type: LoadBalancer
externalTrafficPolicy: Local
annotations:
purelb.io/service-group: common
purelb.io/addresses: 198.18.200.7
external-dns.alpha.kubernetes.io/hostname: bind-resolvers.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/hostname: resolver.k8s.syd1.au.unkin.net
forwarders:
- 8.8.8.8
- 1.1.1.1
- 9.9.9.9
resources:
requests:
cpu: 100m
@@ -4,3 +4,4 @@ kind: Kustomization
resources:
- namespace.yaml
- cluster.yaml
@@ -2,4 +2,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: bind-internal
name: binddns-resolver
-91
View File
@@ -1,91 +0,0 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres
namespace: encapi
spec:
affinity:
podAntiAffinityType: preferred
bootstrap:
initdb:
database: encapi
encoding: UTF8
localeCType: C
localeCollate: C
owner: encapi
secret:
name: postgres-credentials
enablePDB: true
enableSuperuserAccess: false
failoverDelay: 0
imageName: ghcr.io/cloudnative-pg/postgresql:18.1-system-trixie
instances: 3
logLevel: info
maxSyncReplicas: 0
minSyncReplicas: 0
monitoring:
customQueriesConfigMap:
- key: queries
name: cnpg-default-monitoring
disableDefaultQueries: false
enablePodMonitor: false
postgresql:
parameters:
archive_mode: "on"
archive_timeout: 5min
dynamic_shared_memory_type: posix
effective_cache_size: 256MB
full_page_writes: "on"
log_destination: csvlog
log_directory: /controller/log
log_filename: postgres
log_rotation_age: "0"
log_rotation_size: "0"
log_truncate_on_rotation: "false"
logging_collector: "on"
max_connections: "200"
max_parallel_workers: "16"
max_replication_slots: "16"
max_worker_processes: "16"
shared_buffers: 128MB
shared_memory_type: mmap
ssl_max_protocol_version: TLSv1.3
ssl_min_protocol_version: TLSv1.3
wal_keep_size: 256MB
wal_level: logical
wal_log_hints: "on"
wal_receiver_timeout: 5s
wal_sender_timeout: 5s
syncReplicaElectionConstraint:
enabled: false
primaryUpdateMethod: restart
primaryUpdateStrategy: unsupervised
probes:
liveness:
isolationCheck:
connectionTimeout: 1000
enabled: true
requestTimeout: 1000
replicationSlots:
highAvailability:
enabled: true
slotPrefix: _cnpg_
synchronizeReplicas:
enabled: true
updateInterval: 30
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
smartShutdownTimeout: 180
startDelay: 3600
stopDelay: 1800
storage:
resizeInUseVolumes: true
size: 10Gi
storageClass: cephrbd-fast-delete
switchoverDelay: 3600
-33
View File
@@ -1,33 +0,0 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
name: postgres-pooler
namespace: encapi
spec:
cluster:
name: postgres
instances: 2
pgbouncer:
parameters:
default_pool_size: "100"
max_client_conn: "400"
paused: false
poolMode: session
template:
metadata:
labels:
app: pooler
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- pooler
topologyKey: kubernetes.io/hostname
containers: []
type: rw
-13
View File
@@ -1,13 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: encapi-env
namespace: encapi
data:
LISTEN_ADDR: ":8000"
DBHOST: postgres-pooler
DBNAME: encapi
DBPORT: "5432"
DBUSER: encapi
DBSSL: require
-64
View File
@@ -1,64 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: encapi
namespace: encapi
annotations:
reloader.stakater.com/auto: "true"
spec:
replicas: 2
selector:
matchLabels:
app: encapi
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: encapi
spec:
automountServiceAccountToken: true
containers:
- name: encapi
image: git.unkin.net/unkin/encapi:v0.1.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
name: http
protocol: TCP
envFrom:
# DBHOST/DBNAME/DBPORT/DBUSER/DBSSL/LISTEN_ADDR
- configMapRef:
name: encapi-env
optional: false
# DBPASS + ENCAPI_WRITE_TOKEN (seeded in Vault, see cutover notes)
- secretRef:
name: environment
optional: false
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
failureThreshold: 3
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 500m
memory: 256Mi
restartPolicy: Always
-37
View File
@@ -1,37 +0,0 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
labels:
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: encapi.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: encapi.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
name: encapi
namespace: encapi
spec:
gatewayClassName: traefik-internal
listeners:
- allowedRoutes:
namespaces:
from: Same
hostname: encapi.k8s.syd1.au.unkin.net
name: http
port: 80
protocol: HTTP
- allowedRoutes:
namespaces:
from: Same
hostname: encapi.k8s.syd1.au.unkin.net
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ""
kind: Secret
name: encapi-tls
mode: Terminate
-49
View File
@@ -1,49 +0,0 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: encapi-http-redirect
namespace: encapi
spec:
hostnames:
- encapi.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: encapi
sectionName: http
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
matches:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: encapi
namespace: encapi
spec:
hostnames:
- encapi.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: encapi
sectionName: https
rules:
- backendRefs:
- group: ""
kind: Service
name: encapi
port: 80
weight: 1
matches:
- path:
type: PathPrefix
value: /
-15
View File
@@ -1,15 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- configmap.yaml
- deployment.yaml
- service.yaml
- gateway.yaml
- httproute.yaml
- cnpg_cluster.yaml
- cnpg_pooler.yaml
- vaultauth.yaml
- vaultstaticsecret.yaml
-17
View File
@@ -1,17 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: encapi
namespace: encapi
spec:
internalTrafficPolicy: Cluster
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: encapi
sessionAffinity: None
type: ClusterIP
-18
View File
@@ -1,18 +0,0 @@
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: default
namespace: encapi
spec:
allowedNamespaces:
- encapi
kubernetes:
audiences:
- vault
role: default
serviceAccount: default
tokenExpirationSeconds: 600
method: kubernetes
mount: k8s/au/syd1
vaultConnectionRef: vso-system/default
-34
View File
@@ -1,34 +0,0 @@
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: postgres-credentials
namespace: encapi
spec:
destination:
create: true
name: postgres-credentials
overwrite: true
hmacSecretData: true
mount: kv
path: kubernetes/namespace/encapi/default/postgres-credentials
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: environment
namespace: encapi
spec:
destination:
create: true
name: environment
overwrite: true
hmacSecretData: true
mount: kv
path: kubernetes/namespace/encapi/default/environment
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default
-7
View File
@@ -1,7 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/name: grafana-system
name: grafana-system
-80
View File
@@ -1,80 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jellyfin
namespace: jellyfin
spec:
# Start single-replica. Scaling to >1 (true HA) is a follow-up once the Redis
# transcode store and RWX transcode scratch are validated end-to-end.
replicas: 1
strategy:
# Config PVC is RWO; a Recreate rollout avoids two pods contending for it.
type: Recreate
selector:
matchLabels:
app: jellyfin
template:
metadata:
labels:
app: jellyfin
spec:
containers:
- name: jellyfin
image: git.unkin.net/unkin/jellyfin-ha:v0.1.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8096
protocol: TCP
env:
# Distributed transcode session store (jellyfin-ha additions).
- name: Jellyfin__TranscodeStore__RedisConnectionString
value: "redis:6379,abortConnect=false"
- name: Jellyfin__TranscodeStore__LeaseDurationSeconds
value: "30"
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
requests:
cpu: "1"
memory: 1Gi
limits:
cpu: "4"
memory: 6Gi
volumeMounts:
- name: config
mountPath: /config
- name: cache
mountPath: /cache
- name: transcode
mountPath: /transcode
- name: media
mountPath: /media
readOnly: true
volumes:
- name: config
persistentVolumeClaim:
claimName: jellyfin-config
- name: cache
emptyDir: {}
- name: transcode
persistentVolumeClaim:
claimName: jellyfin-transcode
- name: media
persistentVolumeClaim:
claimName: jellyfin-media
-37
View File
@@ -1,37 +0,0 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
labels:
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: jellyfin.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: jellyfin.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
name: jellyfin
namespace: jellyfin
spec:
gatewayClassName: traefik-internal
listeners:
- allowedRoutes:
namespaces:
from: Same
hostname: jellyfin.k8s.syd1.au.unkin.net
name: http
port: 80
protocol: HTTP
- allowedRoutes:
namespaces:
from: Same
hostname: jellyfin.k8s.syd1.au.unkin.net
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- group: ""
kind: Secret
name: jellyfin-tls
mode: Terminate
-49
View File
@@ -1,49 +0,0 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-redirect
namespace: jellyfin
spec:
hostnames:
- jellyfin.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: jellyfin
sectionName: http
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
matches:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: jellyfin-route
namespace: jellyfin
spec:
hostnames:
- jellyfin.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: jellyfin
sectionName: https
rules:
- backendRefs:
- group: ""
kind: Service
name: jellyfin
port: 8096
weight: 1
matches:
- path:
type: PathPrefix
value: /
-16
View File
@@ -1,16 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- pvc-config.yaml
- pvc-transcode.yaml
- pvc-media.yaml
- deployment.yaml
- service.yaml
- redis-deployment.yaml
- redis-pvc.yaml
- redis-service.yaml
- gateway.yaml
- httproute.yaml
-15
View File
@@ -1,15 +0,0 @@
---
# Jellyfin config + SQLite library database. Single-writer, block storage.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-config
namespace: jellyfin
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
storageClassName: cephrbd-fast-retain
volumeMode: Filesystem
-17
View File
@@ -1,17 +0,0 @@
---
# Media library, shared read-many across replicas. Retain — this holds the
# actual media and must survive PVC deletion. Empty on first deploy; populating
# it is out of scope for this app.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-media
namespace: jellyfin
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Ti
storageClassName: cephfs-raid6-retain
volumeMode: Filesystem
-17
View File
@@ -1,17 +0,0 @@
---
# Shared transcode scratch. ReadWriteMany is the hard requirement for the HA
# fork: a taking-over pod must read the in-flight HLS segments written by the
# pod it replaces. Scratch data, so delete reclaim policy.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-transcode
namespace: jellyfin
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Gi
storageClassName: cephfs-raid6-delete
volumeMode: Filesystem
-66
View File
@@ -1,66 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: jellyfin
spec:
replicas: 1
selector:
matchLabels:
app: redis
strategy:
type: Recreate
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: redis:7-alpine
imagePullPolicy: IfNotPresent
command:
- redis-server
- --save
- "20"
- "1"
ports:
- containerPort: 6379
name: redis
protocol: TCP
livenessProbe:
exec:
command:
- redis-cli
- ping
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
exec:
command:
- redis-cli
- ping
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
volumeMounts:
- mountPath: /data
name: data
restartPolicy: Always
volumes:
- name: data
persistentVolumeClaim:
claimName: jellyfin-redis-data
-14
View File
@@ -1,14 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jellyfin-redis-data
namespace: jellyfin
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: cephrbd-fast-delete
volumeMode: Filesystem
-17
View File
@@ -1,17 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: jellyfin
spec:
internalTrafficPolicy: Cluster
ports:
- name: redis
port: 6379
protocol: TCP
targetPort: redis
selector:
app: redis
sessionAffinity: None
type: ClusterIP
-17
View File
@@ -1,17 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: jellyfin
namespace: jellyfin
spec:
internalTrafficPolicy: Cluster
ports:
- name: http
port: 8096
protocol: TCP
targetPort: http
selector:
app: jellyfin
sessionAffinity: None
type: ClusterIP
-117
View File
@@ -1,117 +0,0 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: vmselect
namespace: observability
labels:
app.kubernetes.io/name: vmselect
app.kubernetes.io/instance: victoria-metrics
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: vmselect.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: vmselect.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
spec:
gatewayClassName: traefik-internal
listeners:
- name: http
port: 80
protocol: HTTP
hostname: vmselect.k8s.syd1.au.unkin.net
allowedRoutes:
namespaces:
from: Same
- name: https
port: 443
protocol: HTTPS
hostname: vmselect.k8s.syd1.au.unkin.net
allowedRoutes:
namespaces:
from: Same
tls:
mode: Terminate
certificateRefs:
- group: ""
kind: Secret
name: vmselect-tls
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: vminsert
namespace: observability
labels:
app.kubernetes.io/name: vminsert
app.kubernetes.io/instance: victoria-metrics
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: vminsert.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: vminsert.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
spec:
gatewayClassName: traefik-internal
listeners:
- name: http
port: 80
protocol: HTTP
hostname: vminsert.k8s.syd1.au.unkin.net
allowedRoutes:
namespaces:
from: Same
- name: https
port: 443
protocol: HTTPS
hostname: vminsert.k8s.syd1.au.unkin.net
allowedRoutes:
namespaces:
from: Same
tls:
mode: Terminate
certificateRefs:
- group: ""
kind: Secret
name: vminsert-tls
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: vmagent
namespace: observability
labels:
app.kubernetes.io/name: vmagent
app.kubernetes.io/instance: victoria-metrics
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: vmagent.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: vmagent.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
spec:
gatewayClassName: traefik-internal
listeners:
- name: http
port: 80
protocol: HTTP
hostname: vmagent.k8s.syd1.au.unkin.net
allowedRoutes:
namespaces:
from: Same
- name: https
port: 443
protocol: HTTPS
hostname: vmagent.k8s.syd1.au.unkin.net
allowedRoutes:
namespaces:
from: Same
tls:
mode: Terminate
certificateRefs:
- group: ""
kind: Secret
name: vmagent-tls
-165
View File
@@ -1,165 +0,0 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vmselect-http-redirect
namespace: observability
labels:
app.kubernetes.io/name: vmselect
app.kubernetes.io/instance: victoria-metrics
spec:
hostnames:
- vmselect.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: vmselect
sectionName: http
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
matches:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vmselect
namespace: observability
labels:
app.kubernetes.io/name: vmselect
app.kubernetes.io/instance: victoria-metrics
spec:
hostnames:
- vmselect.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: vmselect
sectionName: https
rules:
- backendRefs:
- group: ""
kind: Service
name: vmselect-main
port: 8481
weight: 1
matches:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vminsert-http-redirect
namespace: observability
labels:
app.kubernetes.io/name: vminsert
app.kubernetes.io/instance: victoria-metrics
spec:
hostnames:
- vminsert.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: vminsert
sectionName: http
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
matches:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vminsert
namespace: observability
labels:
app.kubernetes.io/name: vminsert
app.kubernetes.io/instance: victoria-metrics
spec:
hostnames:
- vminsert.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: vminsert
sectionName: https
rules:
- backendRefs:
- group: ""
kind: Service
name: vminsert-main
port: 8480
weight: 1
matches:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vmagent-http-redirect
namespace: observability
labels:
app.kubernetes.io/name: vmagent
app.kubernetes.io/instance: victoria-metrics
spec:
hostnames:
- vmagent.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: vmagent
sectionName: http
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
matches:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vmagent
namespace: observability
labels:
app.kubernetes.io/name: vmagent
app.kubernetes.io/instance: victoria-metrics
spec:
hostnames:
- vmagent.k8s.syd1.au.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: vmagent
sectionName: https
rules:
- backendRefs:
- group: ""
kind: Service
name: vmagent-main
port: 8429
weight: 1
matches:
- path:
type: PathPrefix
value: /
@@ -4,7 +4,3 @@ kind: Kustomization
resources:
- namespace.yaml
- vmcluster.yaml
- vmagent.yaml
- gateway.yaml
- httproute.yaml
-122
View File
@@ -1,122 +0,0 @@
---
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMAgent
metadata:
name: main
namespace: observability
spec:
replicaCount: 2
scrapeInterval: 15s
# Also consume VMServiceScrape / VMPodScrape / VMNodeScrape from every namespace
# (the operator auto-converts Prometheus ServiceMonitors -> VMServiceScrape).
selectAllByDefault: true
extraArgs:
loggerFormat: json
remoteWrite:
- url: http://vminsert-main.observability.svc.cluster.local:8480/insert/0/prometheus/
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: "1"
memory: 2Gi
# Reflected Vault intermediate CA (unkin.net) for verifying puppet Consul + metrics targets.
volumes:
- name: vault-ca
secret:
secretName: vault-ca-cert
volumeMounts:
- name: vault-ca
mountPath: /etc/vmagent-tls
readOnly: true
inlineScrapeConfig: |
- job_name: vmagent
static_configs:
- targets: ["localhost:8429"]
- job_name: "kubernetes-apiservers"
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_service_name
- __meta_kubernetes_endpoint_port_name
action: keep
regex: default;kubernetes;https
- job_name: "kubernetes-nodes"
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- job_name: "kubernetes-nodes-cadvisor"
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
metrics_path: /metrics/cadvisor
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- source_labels: [__metrics_path__]
target_label: metrics_path
metric_relabel_configs:
- action: replace
source_labels: [pod]
regex: '(.+)'
target_label: pod_name
replacement: '${1}'
- action: replace
source_labels: [container]
regex: '(.+)'
target_label: container_name
replacement: '${1}'
- action: replace
target_label: name
replacement: k8s_stub
- action: replace
source_labels: [id]
regex: '^/system\.slice/(.+)\.service$'
target_label: systemd_service_name
replacement: '${1}'
# puppet-prod Consul service discovery (same targets as the puppet vmagent).
# consul.service.consul resolves to the puppet Consul from in-cluster pods.
- job_name: consul
consul_sd_configs:
- server: consul.service.consul:443
scheme: https
tls_config:
ca_file: /etc/vmagent-tls/ca.crt
relabel_configs:
- source_labels: [__meta_consul_tagpresent_metrics]
regex: "true"
action: keep
- source_labels: [__meta_consul_node, __meta_consul_service_port]
separator: ":"
target_label: __address__
replacement: "${1}:${2}"
action: replace
- source_labels: [__meta_consul_tag_metrics_scheme]
target_label: __scheme__
action: replace
- target_label: __metrics_path__
replacement: /metrics
- source_labels: [__meta_consul_tag_metrics_job]
target_label: job
action: replace
tls_config:
ca_file: /etc/vmagent-tls/ca.crt
-115
View File
@@ -1,115 +0,0 @@
---
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMCluster
metadata:
name: main
namespace: observability
spec:
retentionPeriod: "180d"
replicationFactor: 2
vmstorage:
replicaCount: 2
extraArgs:
dedup.minScrapeInterval: 15s
loggerFormat: json
storage:
volumeClaimTemplate:
spec:
storageClassName: cephrbd-fast-delete
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
resources:
requests:
cpu: "1"
memory: 2Gi
limits:
cpu: "2"
memory: 8Gi
vmselect:
replicaCount: 2
extraArgs:
dedup.minScrapeInterval: 15s
loggerFormat: json
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 500m
memory: 1024Mi
hpa:
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
behavior:
scaleUp:
stabilizationWindowSeconds: 0
selectPolicy: Max
policies:
- type: Percent
value: 100
periodSeconds: 30
- type: Pods
value: 4
periodSeconds: 30
scaleDown:
stabilizationWindowSeconds: 300
selectPolicy: Min
policies:
- type: Percent
value: 10
periodSeconds: 60
- type: Pods
value: 2
periodSeconds: 60
vminsert:
replicaCount: 2
extraArgs:
loggerFormat: json
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 500m
memory: 1024Mi
hpa:
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
behavior:
scaleUp:
stabilizationWindowSeconds: 0
selectPolicy: Max
policies:
- type: Percent
value: 100
periodSeconds: 30
- type: Pods
value: 4
periodSeconds: 30
scaleDown:
stabilizationWindowSeconds: 300
selectPolicy: Min
policies:
- type: Percent
value: 10
periodSeconds: 60
- type: Pods
value: 2
periodSeconds: 60
@@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base/jellyfin
- ../../../base/binddns-auth
@@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base/encapi
- ../../../base/binddns-externaldns
@@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base/bind-internal
- ../../../base/binddns-resolver
@@ -1,16 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: grafana-system
resources:
- ../../../base/grafana-system
helmCharts:
- name: grafana-operator
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
version: "5.24.0"
releaseName: grafana-operator
namespace: grafana-system
valuesFile: values.yaml
@@ -1,16 +0,0 @@
# Watches all namespaces by default (namespaceScope: false) so it can manage the
# Grafana instance + dashboards/datasources in the `grafana` namespace.
#
# Render the CRDs as normal templated manifests (instead of the helm `crds/`
# subchart, which `helm template`/kustomize skip) so ArgoCD installs and manages
# them alongside the operator.
crds:
immutable: false
replicas: 1
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
@@ -6,3 +6,17 @@ namespace: observability
resources:
- ../../../base/observability
helmCharts:
- name: victoria-metrics-cluster
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
version: "0.33.0"
releaseName: victoria-metrics-cluster
namespace: observability
valuesFile: values-vmcluster.yaml
- name: victoria-metrics-agent
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
version: "0.30.0"
releaseName: victoria-metrics-agent
namespace: observability
valuesFile: values-vmagent.yaml
@@ -0,0 +1,102 @@
image:
repository: victoriametrics/vmagent
pullPolicy: IfNotPresent
global:
scrape_interval: 15s
podDisruptionBudget:
enabled: true
maxUnavailable: 1
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8481"
replicaCount: 3
extraArgs:
envflag.enable: true
envflag.prefix: VM_
loggerFormat: json
httpListenAddr: :8429
service:
enabled: true
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: vmagent.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: vmagent.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
hosts:
- name: vmagent.k8s.syd1.au.unkin.net
path:
- /
port: http
tls:
- hosts:
- vmagent.k8s.syd1.au.unkin.net
secretName: vmagent-tls
ingressClassName: nginx
remoteWrite:
- url: http://victoria-metrics-cluster-vminsert.observability.svc.cluster.local:8480/insert/0/prometheus/
scrape_configs:
- job_name: vmagent
static_configs:
- targets: ["localhost:8429"]
- job_name: "kubernetes-apiservers"
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_service_name
- __meta_kubernetes_endpoint_port_name
action: keep
regex: default;kubernetes;https
- job_name: "kubernetes-nodes"
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- job_name: "kubernetes-nodes-cadvisor"
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
metrics_path: /metrics/cadvisor
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- source_labels: [__metrics_path__]
target_label: metrics_path
metric_relabel_configs:
- action: replace
source_labels: [pod]
regex: '(.+)'
target_label: pod_name
replacement: '${1}'
- action: replace
source_labels: [container]
regex: '(.+)'
target_label: container_name
replacement: '${1}'
- action: replace
target_label: name
replacement: k8s_stub
- action: replace
source_labels: [id]
regex: '^/system\.slice/(.+)\.service$'
target_label: systemd_service_name
replacement: '${1}'
@@ -0,0 +1,185 @@
vmselect:
enabled: true
image:
repository: victoriametrics/vmselect
pullPolicy: IfNotPresent
variant: cluster
extraArgs:
envflag.enable: true
envflag.prefix: VM_
loggerFormat: json
httpListenAddr: :8481
dedup.minScrapeInterval: 15s
replicationFactor: 2
resources:
limits:
cpu: 500m
memory: 1024Mi
requests:
cpu: 50m
memory: 128Mi
horizontalPodAutoscaler:
enabled: true
maxReplicas: 10
minReplicas: 2
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
behavior:
scaleUp:
stabilizationWindowSeconds: 0
selectPolicy: Max
policies:
- type: Percent
value: 100
periodSeconds: 30
- type: Pods
value: 4
periodSeconds: 30
scaleDown:
stabilizationWindowSeconds: 300
selectPolicy: Min
policies:
- type: Percent
value: 10
periodSeconds: 60
- type: Pods
value: 2
periodSeconds: 60
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8481"
podDisruptionBudget:
enabled: true
maxUnavailable: 1
replicaCount: 2
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: vmselect.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: vmselect.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
hosts:
- name: vmselect.k8s.syd1.au.unkin.net
path:
- /
port: http
tls:
- hosts:
- vmselect.k8s.syd1.au.unkin.net
secretName: vmselect-tls
ingressClassName: nginx
vminsert:
enabled: true
image:
repository: victoriametrics/vminsert
variant: cluster
pullPolicy: IfNotPresent
extraArgs:
envflag.enable: true
envflag.prefix: VM_
loggerFormat: json
httpListenAddr: :8480
replicationFactor: 2
resources:
limits:
cpu: 500m
memory: 1024Mi
requests:
cpu: 50m
memory: 128Mi
horizontalPodAutoscaler:
enabled: true
maxReplicas: 10
minReplicas: 2
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
behavior:
scaleUp:
stabilizationWindowSeconds: 0
selectPolicy: Max
policies:
- type: Percent
value: 100
periodSeconds: 30
- type: Pods
value: 4
periodSeconds: 30
scaleDown:
stabilizationWindowSeconds: 300
selectPolicy: Min
policies:
- type: Percent
value: 10
periodSeconds: 60
- type: Pods
value: 2
periodSeconds: 60
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8480"
podDisruptionBudget:
enabled: true
maxUnavailable: 1
replicaCount: 2
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: vminsert.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: vminsert.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
hosts:
- name: vminsert.k8s.syd1.au.unkin.net
path:
- /
port: http
tls:
- hosts:
- vminsert.k8s.syd1.au.unkin.net
secretName: vminsert-tls
ingressClassName: nginx
vmstorage:
enabled: true
image:
repository: victoriametrics/vmstorage
variant: cluster
pullPolicy: IfNotPresent
retentionPeriod: 180d
extraArgs:
envflag.enable: true
envflag.prefix: VM_
loggerFormat: json
httpListenAddr: :8482
dedup.minScrapeInterval: 15s
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8482"
podDisruptionBudget:
enabled: true
maxUnavailable: 1
persistentVolume:
enabled: true
name: vmstorage-volume
accessModes:
- ReadWriteOnce
storageClassName: cephrbd-fast-delete
mountPath: /storage
size: 200Gi
replicaCount: 3
podManagementPolicy: OrderedReady
@@ -4,7 +4,6 @@ kind: Kustomization
resources:
- aitooling.yaml
- media.yaml
- observability.yaml
- platform.yaml
- storage.yaml
-31
View File
@@ -1,31 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: media-apps
namespace: argocd
spec:
generators:
- git:
repoURL: https://git.unkin.net/unkin/argocd-apps
revision: HEAD
directories:
- path: apps/overlays/*/jellyfin
template:
metadata:
name: 'media-{{path[3]}}'
spec:
project: media
source:
repoURL: https://git.unkin.net/unkin/argocd-apps
targetRevision: HEAD
path: '{{path}}'
destination:
server: https://kubernetes.default.svc
namespace: '{{path[3]}}'
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- ServerSideApply=true
+3 -3
View File
@@ -13,7 +13,9 @@ spec:
- path: apps/overlays/*/authentik
- path: apps/overlays/*/artifactapi
- path: apps/overlays/*/bind-system
- path: apps/overlays/*/bind-internal
- path: apps/overlays/*/binddns-auth
- path: apps/overlays/*/binddns-resolver
- path: apps/overlays/*/binddns-externaldns
- path: apps/overlays/*/age-api
- path: apps/overlays/*/cattle-system
- path: apps/overlays/*/cert-manager
@@ -21,9 +23,7 @@ spec:
- path: apps/overlays/*/cnpg-system
- path: apps/overlays/*/consul
- path: apps/overlays/*/elastic-system
- path: apps/overlays/*/encapi
- path: apps/overlays/*/externaldns
- path: apps/overlays/*/grafana-system
- path: apps/overlays/*/inteldeviceplugins-system
- path: apps/overlays/*/jfrog
- path: apps/overlays/*/kanidm
-1
View File
@@ -4,7 +4,6 @@ kind: Kustomization
resources:
- aitooling.yaml
- media.yaml
- observability.yaml
- platform.yaml
- storage.yaml
-19
View File
@@ -1,19 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: media
namespace: argocd
spec:
description: Media services
sourceRepos:
- https://git.unkin.net/unkin/argocd-apps
destinations:
- namespace: 'jellyfin'
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: ''
kind: Namespace
namespaceResourceWhitelist:
- group: '*'
kind: '*'
+5 -3
View File
@@ -21,7 +21,11 @@ spec:
server: https://kubernetes.default.svc
- namespace: 'authentik'
server: https://kubernetes.default.svc
- namespace: 'bind-internal'
- namespace: 'binddns-auth'
server: https://kubernetes.default.svc
- namespace: 'binddns-resolver'
server: https://kubernetes.default.svc
- namespace: 'binddns-externaldns'
server: https://kubernetes.default.svc
- namespace: 'cert-manager'
server: https://kubernetes.default.svc
@@ -29,8 +33,6 @@ spec:
server: https://kubernetes.default.svc
- namespace: 'consul'
server: https://kubernetes.default.svc
- namespace: 'encapi'
server: https://kubernetes.default.svc
- namespace: 'externaldns'
server: https://kubernetes.default.svc
- namespace: 'jfrog'
@@ -692,35 +692,6 @@
},
"type": "object"
},
"primaryService": {
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"externalTrafficPolicy": {
"enum": [
"Cluster",
"Local"
],
"type": "string"
},
"loadBalancerIP": {
"type": "string"
},
"type": {
"enum": [
"ClusterIP",
"LoadBalancer",
"NodePort"
],
"type": "string"
}
},
"type": "object"
},
"recursion": {
"type": "boolean"
},
@@ -794,13 +765,6 @@
},
"type": "object"
},
"externalTrafficPolicy": {
"enum": [
"Cluster",
"Local"
],
"type": "string"
},
"loadBalancerIP": {
"type": "string"
},
@@ -24,9 +24,6 @@
],
"type": "string"
},
"clusterRef": {
"type": "string"
},
"importExisting": {
"type": "boolean"
},
File diff suppressed because it is too large Load Diff
@@ -1,371 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"editable": {
"type": "boolean",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
},
"folderRef": {
"type": "string",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
},
"folderUID": {
"type": "string",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"interval": {
"format": "duration",
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"name": {
"type": "string"
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"rules": {
"items": {
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"condition": {
"type": "string"
},
"dashboardUid": {
"type": "string"
},
"data": {
"items": {
"properties": {
"datasourceUid": {
"type": "string"
},
"model": {
"x-kubernetes-preserve-unknown-fields": true
},
"queryType": {
"type": "string"
},
"refId": {
"type": "string"
},
"relativeTimeRange": {
"properties": {
"from": {
"format": "int64",
"type": "integer"
},
"to": {
"format": "int64",
"type": "integer"
}
},
"type": "object"
}
},
"type": "object"
},
"type": "array"
},
"execErrState": {
"enum": [
"OK",
"Alerting",
"Error",
"KeepLast"
],
"type": "string"
},
"for": {
"default": "0s",
"pattern": "^([0-9]+(\\.[0-9]+)?(s|m|h|d|w))+$",
"type": "string"
},
"isPaused": {
"type": "boolean"
},
"keepFiringFor": {
"format": "duration",
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"missingSeriesEvalsToResolve": {
"format": "int64",
"type": "integer"
},
"noDataState": {
"enum": [
"Alerting",
"NoData",
"OK",
"KeepLast"
],
"type": "string"
},
"notificationSettings": {
"properties": {
"active_time_intervals": {
"items": {
"type": "string"
},
"type": "array"
},
"group_by": {
"items": {
"type": "string"
},
"type": "array"
},
"group_interval": {
"type": "string"
},
"group_wait": {
"type": "string"
},
"mute_time_intervals": {
"items": {
"type": "string"
},
"type": "array"
},
"receiver": {
"minLength": 1,
"type": "string"
},
"repeat_interval": {
"type": "string"
}
},
"required": [
"receiver"
],
"type": "object"
},
"panelId": {
"type": "integer"
},
"record": {
"properties": {
"from": {
"type": "string"
},
"metric": {
"type": "string"
},
"targetDatasourceUid": {
"type": "string"
}
},
"required": [
"from",
"metric"
],
"type": "object"
},
"title": {
"example": "Always firing",
"maxLength": 190,
"minLength": 1,
"type": "string"
},
"uid": {
"maxLength": 40,
"pattern": "^[a-zA-Z0-9-_]+$",
"type": "string"
}
},
"required": [
"condition",
"data",
"execErrState",
"for",
"noDataState",
"title",
"uid"
],
"type": "object"
},
"minItems": 1,
"type": "array"
},
"suspend": {
"type": "boolean"
}
},
"required": [
"instanceSelector",
"interval",
"rules"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "Only one of FolderUID or FolderRef can be set and one must be defined",
"rule": "(has(self.folderUID) && !(has(self.folderRef))) || (has(self.folderRef) && !(has(self.folderUID)))"
},
{
"message": "spec.editable is immutable",
"rule": "((!has(oldSelf.editable) && !has(self.editable)) || (has(oldSelf.editable) && has(self.editable)))"
},
{
"message": "spec.folderUID is immutable",
"rule": "((!has(oldSelf.folderUID) && !has(self.folderUID)) || (has(oldSelf.folderUID) && has(self.folderUID)))"
},
{
"message": "spec.folderRef is immutable",
"rule": "((!has(oldSelf.folderRef) && !has(self.folderRef)) || (has(oldSelf.folderRef) && has(self.folderRef)))"
},
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"lastResync": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,348 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"disableResolveMessage": {
"type": "boolean"
},
"editable": {
"type": "boolean",
"x-kubernetes-validations": [
{
"message": "spec.editable is immutable",
"rule": "self == oldSelf"
}
]
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"name": {
"type": "string",
"x-kubernetes-validations": [
{
"message": "spec.name is immutable",
"rule": "self == oldSelf"
}
]
},
"receivers": {
"items": {
"properties": {
"disableResolveMessage": {
"type": "boolean"
},
"settings": {
"x-kubernetes-preserve-unknown-fields": true
},
"type": {
"minLength": 1,
"type": "string"
},
"uid": {
"maxLength": 40,
"pattern": "^[a-zA-Z0-9-_]+$",
"type": "string"
},
"valuesFrom": {
"items": {
"properties": {
"targetPath": {
"type": "string"
},
"valueFrom": {
"properties": {
"configMapKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secretKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object",
"x-kubernetes-validations": [
{
"message": "Either configMapKeyRef or secretKeyRef must be set",
"rule": "(has(self.configMapKeyRef) && !has(self.secretKeyRef)) || (!has(self.configMapKeyRef) && has(self.secretKeyRef))"
}
]
}
},
"required": [
"targetPath",
"valueFrom"
],
"type": "object"
},
"maxItems": 99,
"type": "array"
}
},
"required": [
"settings",
"type"
],
"type": "object"
},
"maxItems": 99,
"type": "array"
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"settings": {
"x-kubernetes-preserve-unknown-fields": true
},
"suspend": {
"type": "boolean"
},
"type": {
"minLength": 1,
"type": "string"
},
"uid": {
"maxLength": 40,
"pattern": "^[a-zA-Z0-9-_]+$",
"type": "string",
"x-kubernetes-validations": [
{
"message": "spec.uid is immutable",
"rule": "self == oldSelf"
}
]
},
"valuesFrom": {
"items": {
"properties": {
"targetPath": {
"type": "string"
},
"valueFrom": {
"properties": {
"configMapKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secretKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object",
"x-kubernetes-validations": [
{
"message": "Either configMapKeyRef or secretKeyRef must be set",
"rule": "(has(self.configMapKeyRef) && !has(self.secretKeyRef)) || (!has(self.configMapKeyRef) && has(self.secretKeyRef))"
}
]
}
},
"required": [
"targetPath",
"valueFrom"
],
"type": "object"
},
"maxItems": 99,
"type": "array"
}
},
"required": [
"instanceSelector"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "spec.name is immutable",
"rule": "((!has(oldSelf.name) && !has(self.name)) || (has(oldSelf.name) && has(self.name)))"
},
{
"message": "spec.editable is immutable",
"rule": "((!has(oldSelf.editable) && !has(self.editable)) || (has(oldSelf.editable) && has(self.editable)))"
},
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"lastResync": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,492 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"configMapRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"contentCacheDuration": {
"type": "string"
},
"datasources": {
"items": {
"properties": {
"datasourceName": {
"type": "string"
},
"inputName": {
"type": "string"
}
},
"required": [
"datasourceName",
"inputName"
],
"type": "object"
},
"type": "array"
},
"envFrom": {
"items": {
"properties": {
"configMapKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secretKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
},
"type": "array"
},
"envs": {
"items": {
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
},
"valueFrom": {
"properties": {
"configMapKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secretKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
}
},
"required": [
"name"
],
"type": "object"
},
"type": "array"
},
"folder": {
"type": "string"
},
"folderRef": {
"type": "string"
},
"folderUID": {
"type": "string"
},
"grafanaCom": {
"properties": {
"id": {
"type": "integer"
},
"revision": {
"type": "integer"
}
},
"required": [
"id"
],
"type": "object"
},
"gzipJson": {
"format": "byte",
"type": "string"
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"json": {
"type": "string"
},
"jsonnet": {
"type": "string"
},
"jsonnetLib": {
"properties": {
"fileName": {
"type": "string"
},
"gzipJsonnetProject": {
"format": "byte",
"type": "string"
},
"jPath": {
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"fileName",
"gzipJsonnetProject"
],
"type": "object"
},
"oci": {
"properties": {
"insecurePlainHTTP": {
"type": "boolean"
},
"path": {
"maxLength": 512,
"minLength": 1,
"type": "string"
},
"pullSecretRef": {
"properties": {
"name": {
"default": "",
"type": "string"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"reference": {
"maxLength": 512,
"minLength": 3,
"pattern": "^[^:@]+(:[^:@/]+|@sha256:[a-fA-F0-9]{64})$",
"type": "string"
}
},
"required": [
"path",
"reference"
],
"type": "object"
},
"plugins": {
"items": {
"properties": {
"name": {
"minLength": 1,
"type": "string"
},
"version": {
"pattern": "^((0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?|latest)$",
"type": "string"
}
},
"required": [
"name",
"version"
],
"type": "object"
},
"type": "array"
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"suspend": {
"type": "boolean"
},
"uid": {
"maxLength": 40,
"pattern": "^[a-zA-Z0-9-_]+$",
"type": "string",
"x-kubernetes-validations": [
{
"message": "spec.uid is immutable",
"rule": "self == oldSelf"
}
]
},
"url": {
"pattern": "^https?://.+$",
"type": "string"
},
"urlAuthorization": {
"properties": {
"basicAuth": {
"properties": {
"password": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"username": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
}
},
"type": "object"
}
},
"required": [
"instanceSelector"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "Only one of folderUID or folderRef can be declared at the same time",
"rule": "(has(self.folderUID) && !(has(self.folderRef))) || (has(self.folderRef) && !(has(self.folderUID))) || !(has(self.folderRef) && (has(self.folderUID)))"
},
{
"message": "folder field cannot be set when folderUID or folderRef is already declared",
"rule": "(has(self.folder) && !(has(self.folderRef) || has(self.folderUID))) || !(has(self.folder))"
},
{
"message": "spec.uid is immutable",
"rule": "((!has(oldSelf.uid) && !has(self.uid)) || (has(oldSelf.uid) && has(self.uid)))"
},
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"NoMatchingInstances": {
"type": "boolean"
},
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"contentCache": {
"format": "byte",
"type": "string"
},
"contentTimestamp": {
"format": "date-time",
"type": "string"
},
"contentUrl": {
"type": "string"
},
"hash": {
"type": "string"
},
"lastResync": {
"format": "date-time",
"type": "string"
},
"uid": {
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,306 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"datasource": {
"properties": {
"access": {
"type": "string"
},
"basicAuth": {
"type": "boolean"
},
"basicAuthUser": {
"type": "string"
},
"database": {
"type": "string"
},
"editable": {
"type": "boolean"
},
"isDefault": {
"type": "boolean"
},
"jsonData": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"name": {
"type": "string"
},
"orgId": {
"format": "int64",
"type": "integer"
},
"secureJsonData": {
"type": "object",
"x-kubernetes-preserve-unknown-fields": true
},
"type": {
"type": "string"
},
"uid": {
"type": "string"
},
"url": {
"type": "string"
},
"user": {
"type": "string"
}
},
"type": "object"
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"plugins": {
"items": {
"properties": {
"name": {
"minLength": 1,
"type": "string"
},
"version": {
"pattern": "^((0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?|latest)$",
"type": "string"
}
},
"required": [
"name",
"version"
],
"type": "object"
},
"type": "array"
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"suspend": {
"type": "boolean"
},
"uid": {
"maxLength": 40,
"pattern": "^[a-zA-Z0-9-_]+$",
"type": "string",
"x-kubernetes-validations": [
{
"message": "spec.uid is immutable",
"rule": "self == oldSelf"
}
]
},
"valuesFrom": {
"items": {
"properties": {
"targetPath": {
"type": "string"
},
"valueFrom": {
"properties": {
"configMapKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secretKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object",
"x-kubernetes-validations": [
{
"message": "Either configMapKeyRef or secretKeyRef must be set",
"rule": "(has(self.configMapKeyRef) && !has(self.secretKeyRef)) || (!has(self.configMapKeyRef) && has(self.secretKeyRef))"
}
]
}
},
"required": [
"targetPath",
"valueFrom"
],
"type": "object"
},
"maxItems": 99,
"type": "array"
}
},
"required": [
"datasource",
"instanceSelector"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "spec.uid is immutable",
"rule": "((!has(oldSelf.uid) && !has(self.uid)) || (has(oldSelf.uid) && has(self.uid)))"
},
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"NoMatchingInstances": {
"type": "boolean"
},
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"hash": {
"type": "string"
},
"lastMessage": {
"type": "string"
},
"lastResync": {
"format": "date-time",
"type": "string"
},
"uid": {
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,180 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"parentFolderRef": {
"type": "string"
},
"parentFolderUID": {
"type": "string"
},
"permissions": {
"type": "string"
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"suspend": {
"type": "boolean"
},
"title": {
"type": "string"
},
"uid": {
"maxLength": 40,
"pattern": "^[a-zA-Z0-9-_]+$",
"type": "string",
"x-kubernetes-validations": [
{
"message": "spec.uid is immutable",
"rule": "self == oldSelf"
}
]
}
},
"required": [
"instanceSelector"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "Only one of parentFolderUID or parentFolderRef can be set",
"rule": "(has(self.parentFolderUID) && !(has(self.parentFolderRef))) || (has(self.parentFolderRef) && !(has(self.parentFolderUID))) || !(has(self.parentFolderRef) && (has(self.parentFolderUID)))"
},
{
"message": "spec.uid is immutable",
"rule": "((!has(oldSelf.uid) && !has(self.uid)) || (has(oldSelf.uid) && has(self.uid)))"
},
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"NoMatchingInstances": {
"type": "boolean"
},
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"hash": {
"type": "string"
},
"lastResync": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,482 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"configMapRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"contentCacheDuration": {
"type": "string"
},
"datasources": {
"items": {
"properties": {
"datasourceName": {
"type": "string"
},
"inputName": {
"type": "string"
}
},
"required": [
"datasourceName",
"inputName"
],
"type": "object"
},
"type": "array"
},
"envFrom": {
"items": {
"properties": {
"configMapKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secretKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
},
"type": "array"
},
"envs": {
"items": {
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
},
"valueFrom": {
"properties": {
"configMapKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secretKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
}
},
"required": [
"name"
],
"type": "object"
},
"type": "array"
},
"folderRef": {
"type": "string"
},
"folderUID": {
"type": "string"
},
"grafanaCom": {
"properties": {
"id": {
"type": "integer"
},
"revision": {
"type": "integer"
}
},
"required": [
"id"
],
"type": "object"
},
"gzipJson": {
"format": "byte",
"type": "string"
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"json": {
"type": "string"
},
"jsonnet": {
"type": "string"
},
"jsonnetLib": {
"properties": {
"fileName": {
"type": "string"
},
"gzipJsonnetProject": {
"format": "byte",
"type": "string"
},
"jPath": {
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"fileName",
"gzipJsonnetProject"
],
"type": "object"
},
"oci": {
"properties": {
"insecurePlainHTTP": {
"type": "boolean"
},
"path": {
"maxLength": 512,
"minLength": 1,
"type": "string"
},
"pullSecretRef": {
"properties": {
"name": {
"default": "",
"type": "string"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"reference": {
"maxLength": 512,
"minLength": 3,
"pattern": "^[^:@]+(:[^:@/]+|@sha256:[a-fA-F0-9]{64})$",
"type": "string"
}
},
"required": [
"path",
"reference"
],
"type": "object"
},
"plugins": {
"items": {
"properties": {
"name": {
"minLength": 1,
"type": "string"
},
"version": {
"pattern": "^((0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?|latest)$",
"type": "string"
}
},
"required": [
"name",
"version"
],
"type": "object"
},
"type": "array"
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"suspend": {
"type": "boolean"
},
"uid": {
"maxLength": 40,
"pattern": "^[a-zA-Z0-9-_]+$",
"type": "string",
"x-kubernetes-validations": [
{
"message": "spec.uid is immutable",
"rule": "self == oldSelf"
}
]
},
"url": {
"pattern": "^https?://.+$",
"type": "string"
},
"urlAuthorization": {
"properties": {
"basicAuth": {
"properties": {
"password": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"username": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
}
},
"type": "object"
}
},
"required": [
"instanceSelector"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "Only one of folderUID or folderRef can be declared at the same time",
"rule": "(has(self.folderUID) && !(has(self.folderRef))) || (has(self.folderRef) && !(has(self.folderUID))) || !(has(self.folderRef) && (has(self.folderUID)))"
},
{
"message": "spec.uid is immutable",
"rule": "((!has(oldSelf.uid) && !has(self.uid)) || (has(oldSelf.uid) && has(self.uid)))"
},
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"contentCache": {
"format": "byte",
"type": "string"
},
"contentTimestamp": {
"format": "date-time",
"type": "string"
},
"contentUrl": {
"type": "string"
},
"hash": {
"type": "string"
},
"lastResync": {
"format": "date-time",
"type": "string"
},
"uid": {
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,300 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"patch": {
"properties": {
"env": {
"items": {
"properties": {
"name": {
"type": "string"
},
"valueFrom": {
"properties": {
"configMapKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"grafanaRef": {
"properties": {
"apiVersion": {
"type": "string"
},
"fieldPath": {
"type": "string"
}
},
"required": [
"fieldPath"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secretKeyRef": {
"properties": {
"key": {
"type": "string"
},
"name": {
"default": "",
"type": "string"
},
"optional": {
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
}
},
"required": [
"name",
"valueFrom"
],
"type": "object"
},
"type": "array"
},
"scripts": {
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"scripts"
],
"type": "object"
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"suspend": {
"type": "boolean"
},
"template": {
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
},
"metadata": {
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"name": {
"type": "string",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
},
"namespace": {
"type": "string",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
}
},
"required": [
"name"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "namespace is immutable",
"rule": "((!has(oldSelf.__namespace__) && !has(self.__namespace__)) || (has(oldSelf.__namespace__) && has(self.__namespace__)))"
}
]
},
"spec": {
"x-kubernetes-preserve-unknown-fields": true
}
},
"required": [
"apiVersion",
"kind",
"metadata"
],
"type": "object"
}
},
"required": [
"instanceSelector",
"template"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"lastResync": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,212 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"editable": {
"default": true,
"type": "boolean",
"x-kubernetes-validations": [
{
"message": "spec.editable is immutable",
"rule": "self == oldSelf"
}
]
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"name": {
"type": "string"
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"suspend": {
"type": "boolean"
},
"time_intervals": {
"items": {
"properties": {
"days_of_month": {
"items": {
"type": "string"
},
"type": "array"
},
"location": {
"type": "string"
},
"months": {
"items": {
"type": "string"
},
"type": "array"
},
"times": {
"items": {
"properties": {
"end_time": {
"type": "string"
},
"start_time": {
"type": "string"
}
},
"required": [
"end_time",
"start_time"
],
"type": "object"
},
"type": "array"
},
"weekdays": {
"items": {
"type": "string"
},
"type": "array"
},
"years": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"minItems": 1,
"type": "array"
}
},
"required": [
"instanceSelector",
"name",
"time_intervals"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"lastResync": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,314 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"editable": {
"type": "boolean",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"route": {
"properties": {
"active_time_intervals": {
"items": {
"type": "string"
},
"type": "array"
},
"continue": {
"type": "boolean"
},
"group_by": {
"items": {
"type": "string"
},
"type": "array"
},
"group_interval": {
"type": "string"
},
"group_wait": {
"type": "string"
},
"match_re": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"matchers": {
"items": {
"properties": {
"isEqual": {
"type": "boolean"
},
"isRegex": {
"type": "boolean"
},
"name": {
"type": "string"
},
"value": {
"type": "string"
}
},
"required": [
"isRegex",
"value"
],
"type": "object"
},
"type": "array"
},
"mute_time_intervals": {
"items": {
"type": "string"
},
"type": "array"
},
"object_matchers": {
"items": {
"items": {
"type": "string"
},
"type": "array"
},
"type": "array"
},
"provenance": {
"type": "string"
},
"receiver": {
"minLength": 1,
"type": "string"
},
"repeat_interval": {
"type": "string"
},
"routeSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"routes": {
"x-kubernetes-preserve-unknown-fields": true
}
},
"required": [
"receiver"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "continue is invalid on the top level route node",
"rule": "!has(self.__continue__)"
},
{
"message": "match_re is invalid on the top level route node",
"rule": "!has(self.match_re)"
},
{
"message": "matchers is invalid on the top level route node",
"rule": "!has(self.matchers)"
},
{
"message": "object_matchers is invalid on the top level route node",
"rule": "!has(self.object_matchers)"
},
{
"message": "mute_time_intervals is invalid on the top level route node",
"rule": "!has(self.mute_time_intervals)"
},
{
"message": "active_time_intervals is invalid on the top level route node",
"rule": "!has(self.active_time_intervals)"
}
]
},
"suspend": {
"type": "boolean"
}
},
"required": [
"instanceSelector",
"route"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "spec.editable is immutable",
"rule": "((!has(oldSelf.editable) && !has(self.editable)) || (has(oldSelf.editable) && has(self.editable)))"
},
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"discoveredRoutes": {
"items": {
"type": "string"
},
"type": "array"
},
"lastResync": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,199 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"active_time_intervals": {
"items": {
"type": "string"
},
"type": "array"
},
"continue": {
"type": "boolean"
},
"group_by": {
"items": {
"type": "string"
},
"type": "array"
},
"group_interval": {
"type": "string"
},
"group_wait": {
"type": "string"
},
"match_re": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"matchers": {
"items": {
"properties": {
"isEqual": {
"type": "boolean"
},
"isRegex": {
"type": "boolean"
},
"name": {
"type": "string"
},
"value": {
"type": "string"
}
},
"required": [
"isRegex",
"value"
],
"type": "object"
},
"type": "array"
},
"mute_time_intervals": {
"items": {
"type": "string"
},
"type": "array"
},
"object_matchers": {
"items": {
"items": {
"type": "string"
},
"type": "array"
},
"type": "array"
},
"provenance": {
"type": "string"
},
"receiver": {
"minLength": 1,
"type": "string"
},
"repeat_interval": {
"type": "string"
},
"routeSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"routes": {
"x-kubernetes-preserve-unknown-fields": true
}
},
"required": [
"receiver"
],
"type": "object"
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"lastResync": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,163 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"allowCrossNamespaceImport": {
"default": false,
"type": "boolean"
},
"editable": {
"type": "boolean",
"x-kubernetes-validations": [
{
"message": "spec.editable is immutable",
"rule": "self == oldSelf"
}
]
},
"instanceSelector": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"x-kubernetes-validations": [
{
"message": "spec.instanceSelector is immutable",
"rule": "self == oldSelf"
}
]
},
"name": {
"type": "string"
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string"
},
"suspend": {
"type": "boolean"
},
"template": {
"type": "string"
}
},
"required": [
"instanceSelector",
"name"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "spec.editable is immutable",
"rule": "((!has(oldSelf.editable) && !has(self.editable)) || (has(oldSelf.editable) && has(self.editable)))"
},
{
"message": "disabling spec.allowCrossNamespaceImport requires a recreate to ensure desired state",
"rule": "!oldSelf.allowCrossNamespaceImport || (oldSelf.allowCrossNamespaceImport && self.allowCrossNamespaceImport)"
}
]
},
"status": {
"properties": {
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"lastResync": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}
@@ -1,221 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"apiVersion": {
"type": "string"
},
"kind": {
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"instanceName": {
"minLength": 1,
"type": "string",
"x-kubernetes-validations": [
{
"message": "spec.instanceName is immutable",
"rule": "self == oldSelf"
}
]
},
"isDisabled": {
"default": false,
"type": "boolean"
},
"name": {
"minLength": 1,
"type": "string",
"x-kubernetes-validations": [
{
"message": "spec.name is immutable",
"rule": "self == oldSelf"
}
]
},
"resyncPeriod": {
"pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$",
"type": "string",
"x-kubernetes-validations": [
{
"message": "spec.resyncPeriod must be greater than 0",
"rule": "duration(self) > duration('0s')"
}
]
},
"role": {
"enum": [
"Viewer",
"Editor",
"Admin"
],
"type": "string"
},
"suspend": {
"default": false,
"type": "boolean"
},
"tokens": {
"items": {
"properties": {
"expires": {
"format": "date-time",
"type": "string"
},
"name": {
"minLength": 1,
"type": "string"
},
"secretName": {
"minLength": 1,
"type": "string"
}
},
"required": [
"name"
],
"type": "object"
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map"
}
},
"required": [
"instanceName",
"role"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "spec.name is immutable",
"rule": "((!has(oldSelf.name) && !has(self.name)) || (has(oldSelf.name) && has(self.name)))"
}
]
},
"status": {
"properties": {
"account": {
"properties": {
"id": {
"format": "int64",
"type": "integer"
},
"isDisabled": {
"type": "boolean"
},
"login": {
"type": "string"
},
"name": {
"type": "string"
},
"role": {
"type": "string"
},
"tokens": {
"items": {
"properties": {
"expires": {
"format": "date-time",
"type": "string"
},
"id": {
"format": "int64",
"type": "integer"
},
"name": {
"type": "string"
},
"secret": {
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
}
},
"type": "object"
}
},
"required": [
"id",
"name"
],
"type": "object"
},
"type": "array"
}
},
"required": [
"id",
"isDisabled",
"login",
"name",
"role"
],
"type": "object"
},
"conditions": {
"items": {
"properties": {
"lastTransitionTime": {
"format": "date-time",
"type": "string"
},
"message": {
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object"
},
"type": "array"
},
"lastResync": {
"format": "date-time",
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}