1apiVersion: v1
2kind: Namespace
3metadata:
4 labels:
5 workload.edge.ncr.com: platform
6 name: warehouse-system
7---
8apiVersion: apiextensions.k8s.io/v1
9kind: CustomResourceDefinition
10metadata:
11 annotations:
12 controller-gen.kubebuilder.io/version: v0.9.2
13 name: servicemonitors.monitoring.coreos.com
14spec:
15 group: monitoring.coreos.com
16 names:
17 categories:
18 - prometheus-operator
19 kind: ServiceMonitor
20 listKind: ServiceMonitorList
21 plural: servicemonitors
22 shortNames:
23 - smon
24 singular: servicemonitor
25 scope: Namespaced
26 versions:
27 - name: v1
28 schema:
29 openAPIV3Schema:
30 description: ServiceMonitor defines monitoring for a set of services.
31 properties:
32 apiVersion:
33 description: 'APIVersion defines the versioned schema of this representation
34 of an object. Servers should convert recognized schemas to the latest
35 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
36 type: string
37 kind:
38 description: 'Kind is a string value representing the REST resource this
39 object represents. Servers may infer this from the endpoint the client
40 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
41 type: string
42 metadata:
43 type: object
44 spec:
45 description: Specification of desired Service selection for target discovery
46 by Prometheus.
47 properties:
48 endpoints:
49 description: A list of endpoints allowed as part of this ServiceMonitor.
50 items:
51 description: Endpoint defines a scrapeable endpoint serving Prometheus
52 metrics.
53 properties:
54 authorization:
55 description: Authorization section for this endpoint
56 properties:
57 credentials:
58 description: The secret's key that contains the credentials
59 of the request
60 properties:
61 key:
62 description: The key of the secret to select from. Must
63 be a valid secret key.
64 type: string
65 name:
66 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
67 TODO: Add other useful fields. apiVersion, kind, uid?'
68 type: string
69 optional:
70 description: Specify whether the Secret or its key must
71 be defined
72 type: boolean
73 required:
74 - key
75 type: object
76 x-kubernetes-map-type: atomic
77 type:
78 description: Set the authentication type. Defaults to Bearer,
79 Basic will cause an error
80 type: string
81 type: object
82 basicAuth:
83 description: 'BasicAuth allow an endpoint to authenticate over
84 basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
85 properties:
86 password:
87 description: The secret in the service monitor namespace
88 that contains the password for authentication.
89 properties:
90 key:
91 description: The key of the secret to select from. Must
92 be a valid secret key.
93 type: string
94 name:
95 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
96 TODO: Add other useful fields. apiVersion, kind, uid?'
97 type: string
98 optional:
99 description: Specify whether the Secret or its key must
100 be defined
101 type: boolean
102 required:
103 - key
104 type: object
105 x-kubernetes-map-type: atomic
106 username:
107 description: The secret in the service monitor namespace
108 that contains the username for authentication.
109 properties:
110 key:
111 description: The key of the secret to select from. Must
112 be a valid secret key.
113 type: string
114 name:
115 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
116 TODO: Add other useful fields. apiVersion, kind, uid?'
117 type: string
118 optional:
119 description: Specify whether the Secret or its key must
120 be defined
121 type: boolean
122 required:
123 - key
124 type: object
125 x-kubernetes-map-type: atomic
126 type: object
127 bearerTokenFile:
128 description: File to read bearer token for scraping targets.
129 type: string
130 bearerTokenSecret:
131 description: Secret to mount to read bearer token for scraping
132 targets. The secret needs to be in the same namespace as the
133 service monitor and accessible by the Prometheus Operator.
134 properties:
135 key:
136 description: The key of the secret to select from. Must
137 be a valid secret key.
138 type: string
139 name:
140 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
141 TODO: Add other useful fields. apiVersion, kind, uid?'
142 type: string
143 optional:
144 description: Specify whether the Secret or its key must
145 be defined
146 type: boolean
147 required:
148 - key
149 type: object
150 x-kubernetes-map-type: atomic
151 enableHttp2:
152 description: Whether to enable HTTP2.
153 type: boolean
154 followRedirects:
155 description: FollowRedirects configures whether scrape requests
156 follow HTTP 3xx redirects.
157 type: boolean
158 honorLabels:
159 description: HonorLabels chooses the metric's labels on collisions
160 with target labels.
161 type: boolean
162 honorTimestamps:
163 description: HonorTimestamps controls whether Prometheus respects
164 the timestamps present in scraped data.
165 type: boolean
166 interval:
167 description: Interval at which metrics should be scraped If
168 not specified Prometheus' global scrape interval is used.
169 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
170 type: string
171 metricRelabelings:
172 description: MetricRelabelConfigs to apply to samples before
173 ingestion.
174 items:
175 description: 'RelabelConfig allows dynamic rewriting of the
176 label set, being applied to samples before ingestion. It
177 defines `<metric_relabel_configs>`-section of Prometheus
178 configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
179 properties:
180 action:
181 default: replace
182 description: Action to perform based on regex matching.
183 Default is 'replace'. uppercase and lowercase actions
184 require Prometheus >= 2.36.
185 enum:
186 - replace
187 - Replace
188 - keep
189 - Keep
190 - drop
191 - Drop
192 - hashmod
193 - HashMod
194 - labelmap
195 - LabelMap
196 - labeldrop
197 - LabelDrop
198 - labelkeep
199 - LabelKeep
200 - lowercase
201 - Lowercase
202 - uppercase
203 - Uppercase
204 type: string
205 modulus:
206 description: Modulus to take of the hash of the source
207 label values.
208 format: int64
209 type: integer
210 regex:
211 description: Regular expression against which the extracted
212 value is matched. Default is '(.*)'
213 type: string
214 replacement:
215 description: Replacement value against which a regex replace
216 is performed if the regular expression matches. Regex
217 capture groups are available. Default is '$1'
218 type: string
219 separator:
220 description: Separator placed between concatenated source
221 label values. default is ';'.
222 type: string
223 sourceLabels:
224 description: The source labels select values from existing
225 labels. Their content is concatenated using the configured
226 separator and matched against the configured regular
227 expression for the replace, keep, and drop actions.
228 items:
229 description: LabelName is a valid Prometheus label name
230 which may only contain ASCII letters, numbers, as
231 well as underscores.
232 pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
233 type: string
234 type: array
235 targetLabel:
236 description: Label to which the resulting value is written
237 in a replace action. It is mandatory for replace actions.
238 Regex capture groups are available.
239 type: string
240 type: object
241 type: array
242 oauth2:
243 description: OAuth2 for the URL. Only valid in Prometheus versions
244 2.27.0 and newer.
245 properties:
246 clientId:
247 description: The secret or configmap containing the OAuth2
248 client id
249 properties:
250 configMap:
251 description: ConfigMap containing data to use for the
252 targets.
253 properties:
254 key:
255 description: The key to select.
256 type: string
257 name:
258 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
259 TODO: Add other useful fields. apiVersion, kind,
260 uid?'
261 type: string
262 optional:
263 description: Specify whether the ConfigMap or its
264 key must be defined
265 type: boolean
266 required:
267 - key
268 type: object
269 x-kubernetes-map-type: atomic
270 secret:
271 description: Secret containing data to use for the targets.
272 properties:
273 key:
274 description: The key of the secret to select from. Must
275 be a valid secret key.
276 type: string
277 name:
278 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
279 TODO: Add other useful fields. apiVersion, kind,
280 uid?'
281 type: string
282 optional:
283 description: Specify whether the Secret or its key
284 must be defined
285 type: boolean
286 required:
287 - key
288 type: object
289 x-kubernetes-map-type: atomic
290 type: object
291 clientSecret:
292 description: The secret containing the OAuth2 client secret
293 properties:
294 key:
295 description: The key of the secret to select from. Must
296 be a valid secret key.
297 type: string
298 name:
299 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
300 TODO: Add other useful fields. apiVersion, kind, uid?'
301 type: string
302 optional:
303 description: Specify whether the Secret or its key must
304 be defined
305 type: boolean
306 required:
307 - key
308 type: object
309 x-kubernetes-map-type: atomic
310 endpointParams:
311 additionalProperties:
312 type: string
313 description: Parameters to append to the token URL
314 type: object
315 scopes:
316 description: OAuth2 scopes used for the token request
317 items:
318 type: string
319 type: array
320 tokenUrl:
321 description: The URL to fetch the token from
322 minLength: 1
323 type: string
324 required:
325 - clientId
326 - clientSecret
327 - tokenUrl
328 type: object
329 params:
330 additionalProperties:
331 items:
332 type: string
333 type: array
334 description: Optional HTTP URL parameters
335 type: object
336 path:
337 description: HTTP path to scrape for metrics. If empty, Prometheus
338 uses the default value (e.g. `/metrics`).
339 type: string
340 port:
341 description: Name of the service port this endpoint refers to.
342 Mutually exclusive with targetPort.
343 type: string
344 proxyUrl:
345 description: ProxyURL eg http://proxyserver:2195 Directs scrapes
346 to proxy through this endpoint.
347 type: string
348 relabelings:
349 description: 'RelabelConfigs to apply to samples before scraping.
350 Prometheus Operator automatically adds relabelings for a few
351 standard Kubernetes fields. The original scrape job''s name
352 is available via the `__tmp_prometheus_job_name` label. More
353 info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
354 items:
355 description: 'RelabelConfig allows dynamic rewriting of the
356 label set, being applied to samples before ingestion. It
357 defines `<metric_relabel_configs>`-section of Prometheus
358 configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
359 properties:
360 action:
361 default: replace
362 description: Action to perform based on regex matching.
363 Default is 'replace'. uppercase and lowercase actions
364 require Prometheus >= 2.36.
365 enum:
366 - replace
367 - Replace
368 - keep
369 - Keep
370 - drop
371 - Drop
372 - hashmod
373 - HashMod
374 - labelmap
375 - LabelMap
376 - labeldrop
377 - LabelDrop
378 - labelkeep
379 - LabelKeep
380 - lowercase
381 - Lowercase
382 - uppercase
383 - Uppercase
384 type: string
385 modulus:
386 description: Modulus to take of the hash of the source
387 label values.
388 format: int64
389 type: integer
390 regex:
391 description: Regular expression against which the extracted
392 value is matched. Default is '(.*)'
393 type: string
394 replacement:
395 description: Replacement value against which a regex replace
396 is performed if the regular expression matches. Regex
397 capture groups are available. Default is '$1'
398 type: string
399 separator:
400 description: Separator placed between concatenated source
401 label values. default is ';'.
402 type: string
403 sourceLabels:
404 description: The source labels select values from existing
405 labels. Their content is concatenated using the configured
406 separator and matched against the configured regular
407 expression for the replace, keep, and drop actions.
408 items:
409 description: LabelName is a valid Prometheus label name
410 which may only contain ASCII letters, numbers, as
411 well as underscores.
412 pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
413 type: string
414 type: array
415 targetLabel:
416 description: Label to which the resulting value is written
417 in a replace action. It is mandatory for replace actions.
418 Regex capture groups are available.
419 type: string
420 type: object
421 type: array
422 scheme:
423 description: HTTP scheme to use for scraping.
424 type: string
425 scrapeTimeout:
426 description: Timeout after which the scrape is ended If not
427 specified, the Prometheus global scrape timeout is used unless
428 it is less than `Interval` in which the latter is used.
429 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
430 type: string
431 targetPort:
432 anyOf:
433 - type: integer
434 - type: string
435 description: Name or number of the target port of the Pod behind
436 the Service, the port must be specified with container port
437 property. Mutually exclusive with port.
438 x-kubernetes-int-or-string: true
439 tlsConfig:
440 description: TLS configuration to use when scraping the endpoint
441 properties:
442 ca:
443 description: Struct containing the CA cert to use for the
444 targets.
445 properties:
446 configMap:
447 description: ConfigMap containing data to use for the
448 targets.
449 properties:
450 key:
451 description: The key to select.
452 type: string
453 name:
454 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
455 TODO: Add other useful fields. apiVersion, kind,
456 uid?'
457 type: string
458 optional:
459 description: Specify whether the ConfigMap or its
460 key must be defined
461 type: boolean
462 required:
463 - key
464 type: object
465 x-kubernetes-map-type: atomic
466 secret:
467 description: Secret containing data to use for the targets.
468 properties:
469 key:
470 description: The key of the secret to select from. Must
471 be a valid secret key.
472 type: string
473 name:
474 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
475 TODO: Add other useful fields. apiVersion, kind,
476 uid?'
477 type: string
478 optional:
479 description: Specify whether the Secret or its key
480 must be defined
481 type: boolean
482 required:
483 - key
484 type: object
485 x-kubernetes-map-type: atomic
486 type: object
487 caFile:
488 description: Path to the CA cert in the Prometheus container
489 to use for the targets.
490 type: string
491 cert:
492 description: Struct containing the client cert file for
493 the targets.
494 properties:
495 configMap:
496 description: ConfigMap containing data to use for the
497 targets.
498 properties:
499 key:
500 description: The key to select.
501 type: string
502 name:
503 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
504 TODO: Add other useful fields. apiVersion, kind,
505 uid?'
506 type: string
507 optional:
508 description: Specify whether the ConfigMap or its
509 key must be defined
510 type: boolean
511 required:
512 - key
513 type: object
514 x-kubernetes-map-type: atomic
515 secret:
516 description: Secret containing data to use for the targets.
517 properties:
518 key:
519 description: The key of the secret to select from. Must
520 be a valid secret key.
521 type: string
522 name:
523 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
524 TODO: Add other useful fields. apiVersion, kind,
525 uid?'
526 type: string
527 optional:
528 description: Specify whether the Secret or its key
529 must be defined
530 type: boolean
531 required:
532 - key
533 type: object
534 x-kubernetes-map-type: atomic
535 type: object
536 certFile:
537 description: Path to the client cert file in the Prometheus
538 container for the targets.
539 type: string
540 insecureSkipVerify:
541 description: Disable target certificate validation.
542 type: boolean
543 keyFile:
544 description: Path to the client key file in the Prometheus
545 container for the targets.
546 type: string
547 keySecret:
548 description: Secret containing the client key file for the
549 targets.
550 properties:
551 key:
552 description: The key of the secret to select from. Must
553 be a valid secret key.
554 type: string
555 name:
556 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
557 TODO: Add other useful fields. apiVersion, kind, uid?'
558 type: string
559 optional:
560 description: Specify whether the Secret or its key must
561 be defined
562 type: boolean
563 required:
564 - key
565 type: object
566 x-kubernetes-map-type: atomic
567 serverName:
568 description: Used to verify the hostname for the targets.
569 type: string
570 type: object
571 type: object
572 type: array
573 jobLabel:
574 description: "JobLabel selects the label from the associated Kubernetes
575 service which will be used as the `job` label for all metrics. \n
576 For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo:
577 bar`, then the `job=\"bar\"` label is added to all metrics. \n If
578 the value of this field is empty or if the label doesn't exist for
579 the given Service, the `job` label of the metrics defaults to the
580 name of the Kubernetes Service."
581 type: string
582 labelLimit:
583 description: Per-scrape limit on number of labels that will be accepted
584 for a sample. Only valid in Prometheus versions 2.27.0 and newer.
585 format: int64
586 type: integer
587 labelNameLengthLimit:
588 description: Per-scrape limit on length of labels name that will be
589 accepted for a sample. Only valid in Prometheus versions 2.27.0
590 and newer.
591 format: int64
592 type: integer
593 labelValueLengthLimit:
594 description: Per-scrape limit on length of labels value that will
595 be accepted for a sample. Only valid in Prometheus versions 2.27.0
596 and newer.
597 format: int64
598 type: integer
599 namespaceSelector:
600 description: Selector to select which namespaces the Kubernetes Endpoints
601 objects are discovered from.
602 properties:
603 any:
604 description: Boolean describing whether all namespaces are selected
605 in contrast to a list restricting them.
606 type: boolean
607 matchNames:
608 description: List of namespace names to select from.
609 items:
610 type: string
611 type: array
612 type: object
613 podTargetLabels:
614 description: PodTargetLabels transfers labels on the Kubernetes `Pod`
615 onto the created metrics.
616 items:
617 type: string
618 type: array
619 sampleLimit:
620 description: SampleLimit defines per-scrape limit on number of scraped
621 samples that will be accepted.
622 format: int64
623 type: integer
624 selector:
625 description: Selector to select Endpoints objects.
626 properties:
627 matchExpressions:
628 description: matchExpressions is a list of label selector requirements.
629 The requirements are ANDed.
630 items:
631 description: A label selector requirement is a selector that
632 contains values, a key, and an operator that relates the key
633 and values.
634 properties:
635 key:
636 description: key is the label key that the selector applies
637 to.
638 type: string
639 operator:
640 description: operator represents a key's relationship to
641 a set of values. Valid operators are In, NotIn, Exists
642 and DoesNotExist.
643 type: string
644 values:
645 description: values is an array of string values. If the
646 operator is In or NotIn, the values array must be non-empty.
647 If the operator is Exists or DoesNotExist, the values
648 array must be empty. This array is replaced during a strategic
649 merge patch.
650 items:
651 type: string
652 type: array
653 required:
654 - key
655 - operator
656 type: object
657 type: array
658 matchLabels:
659 additionalProperties:
660 type: string
661 description: matchLabels is a map of {key,value} pairs. A single
662 {key,value} in the matchLabels map is equivalent to an element
663 of matchExpressions, whose key field is "key", the operator
664 is "In", and the values array contains only "value". The requirements
665 are ANDed.
666 type: object
667 type: object
668 x-kubernetes-map-type: atomic
669 targetLabels:
670 description: TargetLabels transfers labels from the Kubernetes `Service`
671 onto the created metrics.
672 items:
673 type: string
674 type: array
675 targetLimit:
676 description: TargetLimit defines a limit on the number of scraped
677 targets that will be accepted.
678 format: int64
679 type: integer
680 required:
681 - endpoints
682 - selector
683 type: object
684 required:
685 - spec
686 type: object
687 served: true
688 storage: true
689---
690apiVersion: apiextensions.k8s.io/v1
691kind: CustomResourceDefinition
692metadata:
693 annotations:
694 controller-gen.kubebuilder.io/version: (unknown)
695 name: shipments.warehouse.edge.ncr.com
696spec:
697 group: warehouse.edge.ncr.com
698 names:
699 kind: Shipment
700 listKind: ShipmentList
701 plural: shipments
702 singular: shipment
703 scope: Cluster
704 versions:
705 - additionalPrinterColumns:
706 - jsonPath: .metadata.creationTimestamp
707 name: Age
708 type: date
709 - jsonPath: .status.conditions[?(@.type=="Ready")].status
710 name: Ready
711 type: string
712 - jsonPath: .status.conditions[?(@.type=="Ready")].message
713 name: Status
714 type: string
715 name: v1alpha1
716 schema:
717 openAPIV3Schema:
718 description: Shipment is one or more Pallets that will be unpacked and scheduled
719 to the cluster.
720 properties:
721 apiVersion:
722 description: 'APIVersion defines the versioned schema of this representation
723 of an object. Servers should convert recognized schemas to the latest
724 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
725 type: string
726 kind:
727 description: 'Kind is a string value representing the REST resource this
728 object represents. Servers may infer this from the endpoint the client
729 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
730 type: string
731 metadata:
732 type: object
733 spec:
734 properties:
735 creds:
736 description: Credentials is an optional secret reference pointing
737 to a secret containing registry credentials. The secret must be
738 of type kubernetes.io/dockerconfigjson
739 properties:
740 name:
741 description: name is unique within a namespace to reference a
742 secret resource.
743 type: string
744 namespace:
745 description: namespace defines the space within which the secret
746 name must be unique.
747 type: string
748 type: object
749 force:
750 default: false
751 description: Force indicates whether or not objects should be forced
752 by deleting and re-creating when there is a conflict due to immutable
753 fields changing.
754 type: boolean
755 interval:
756 default: 60s
757 description: Interval is how often the object will be reconciled,
758 in order to prevent drift.
759 type: string
760 pallets:
761 description: "Pallets is the set of Pallet packages that will be pulled
762 and reconciled, without the repository string. Each Pallet reference
763 is completed from the Repository field. \n All Pallets are resolved
764 into a single, deduped graph to ensure that there is no more than
765 one version of a package. How conflicts are resolved is configurable
766 via Resolution"
767 items:
768 description: BaseArtifact describes a reference to a Warehouse package
769 without a repository that can be embedded in a K8s resource spec.
770 properties:
771 digest:
772 description: Digest is the sha256 digest of the OCI artifact
773 to apply to the cluster. Takes precedence over tag if set.
774 type: string
775 name:
776 description: Name is the unique package name for the Warehouse
777 package. It is appended to the provided Repository to produce
778 the full repository string, e.g., gcr.io/foo/bar, where bar
779 is the name of the package and gcr.io/foo is the provided
780 Repository string
781 type: string
782 tag:
783 description: Tag is a mutable reference to the OCI artifact
784 to apply. Defaults to "latest" if neither Tag or Digest are
785 set.
786 type: string
787 required:
788 - name
789 type: object
790 minItems: 1
791 type: array
792 prune:
793 description: Prune indicates whether or not objects should be pruned
794 between reconciles or when the object is deleted. You may want to
795 use this for deployments that you really don't want deleted.
796 type: boolean
797 rendering:
798 description: Rendering is the configuration controlling how the unpacked
799 K8s manifests are rendered before applying.
800 items:
801 properties:
802 configMapRef:
803 description: ConfigMapRef references a K8s ConfigMap to pull
804 parameters from. Mutually exclusive with Variables.
805 properties:
806 name:
807 description: Name of the referent.
808 maxLength: 253
809 minLength: 1
810 type: string
811 namespace:
812 description: Namespace of the referent, when not specified
813 it acts as LocalObjectReference.
814 maxLength: 253
815 minLength: 1
816 type: string
817 required:
818 - name
819 type: object
820 mapping:
821 additionalProperties:
822 type: string
823 description: 'Mapping of rendering parameters to specific keys
824 in the referenced ConfigMap, e.g.: {gcp_project_id: gcp.projectId}
825 where ''gcp.projectId'' is a key in the ConfigMap.'
826 type: object
827 parameters:
828 additionalProperties:
829 type: string
830 description: Parameters are inlined parameters. Mutually exclusive
831 with ConfigMapRef.
832 type: object
833 type: object
834 type: array
835 repo:
836 description: Repository is the image repository that all Pallets will
837 be pulled from. It MUST be the entire repository string up to the
838 Pallet package name, e.g. gcr.io/foo if packages are gcr.io/foo/bar,
839 gcr.io/foo/bax, ... All packages must come from the same repository
840 because resolving the graph of packages may discover the same digest
841 in multiple repositories. This controller won't make value judgements
842 as to which repository should be used in conflict.
843 type: string
844 resolution:
845 description: Resolution is the rules for resolving conflicts in the
846 resolved graph for the pallets included in this shipment. By default,
847 a Shipment will be marked Stalled if it references a list of pallets
848 which don't produce a consistent (e.g., no conflicting digests)
849 resolved graph.
850 properties:
851 acceptFirst:
852 description: AcceptFirst will accept the first digest it encounters
853 for each package during graph resolution. If the package exists
854 in the graph with a differing digest, it is dropped. This is
855 the simplest way to force a set of conflicting packages to produce
856 a consistent graph, but doesn't provide any additional control
857 type: boolean
858 pins:
859 description: Pins are a mapping of package names to digests that
860 are forced during graph resolution, analogous to pinning transitive
861 dependency versions using `replace` directives in a `go.mod`
862 file.
863 items:
864 description: Pin is a specific digest associated with a package
865 name, used to "pin" the package to that digest when resolving
866 package graphs or reflect the result of a resolved set of
867 packages.
868 properties:
869 digest:
870 description: Digest is the digest for the package reference
871 (e.g., `shoot:latest`, Pallet.Digest())
872 type: string
873 name:
874 type: string
875 resolvedDigest:
876 description: ResolvedDigest is the digest of the provider-specific
877 variant pulled from the package based on where it is being
878 scheduled.
879 type: string
880 required:
881 - digest
882 - name
883 - resolvedDigest
884 type: object
885 type: array
886 type: object
887 retryInterval:
888 default: 10s
889 description: RetryInterval is how often to retry previously failed
890 reconciliations. Defaults to Interval if not provided.
891 type: string
892 suspend:
893 description: This flag tells the controller to suspend subsequent
894 reconciliations, it does not apply to already started reconciliations.
895 Defaults to false.
896 type: boolean
897 timeout:
898 default: 120s
899 description: Timeout is how long the controller will wait for the
900 applied objects to reconcile.
901 type: string
902 unpack:
903 description: UnpackOptions
904 properties:
905 capabilities:
906 description: Capabilities are additional runtime layers to apply.
907 If Runtime is set to false, this field must be empty.
908 items:
909 type: string
910 type: array
911 infra:
912 default: false
913 description: Infra is whether or not to schedule infrastructure
914 objects.
915 type: boolean
916 infraNamespace:
917 description: InfraNamespace is the K8s namespace the infra objects
918 should be scheduled to. If provided, the metadata.namespace
919 of unpacked infra objects is updated using Kustomize filters
920 on unpack.
921 type: string
922 provider:
923 description: Provider is the K8s cluster provider that should
924 be unpacked. By default, it is the same cluster provider that
925 Lumper was scheduled onto. If Runtime is true, this option cannot
926 be set to a value that conflicts with Lumper's startup configuration
927 (e.g., you cannot schedule non-GKE runtime resources to a GKE
928 cluster)
929 type: string
930 runtime:
931 default: false
932 description: Runtime determines if runtime resources should be
933 applied. By default, only the base runtime layer is applied.
934 type: boolean
935 type: object
936 required:
937 - force
938 - pallets
939 - prune
940 - repo
941 type: object
942 status:
943 default:
944 observedGeneration: -1
945 description: ShipmentStatus contains the readiness of the reconciled resources
946 and an inventory of currently applied resources.
947 properties:
948 conditions:
949 items:
950 description: "Condition contains details for one aspect of the current
951 state of this API Resource. --- This struct is intended for direct
952 use as an array at the field path .status.conditions. For example,
953 \n type FooStatus struct{ // Represents the observations of a
954 foo's current state. // Known .status.conditions.type are: \"Available\",
955 \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
956 // +listType=map // +listMapKey=type Conditions []metav1.Condition
957 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
958 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
959 properties:
960 lastTransitionTime:
961 description: lastTransitionTime is the last time the condition
962 transitioned from one status to another. This should be when
963 the underlying condition changed. If that is not known, then
964 using the time when the API field changed is acceptable.
965 format: date-time
966 type: string
967 message:
968 description: message is a human readable message indicating
969 details about the transition. This may be an empty string.
970 maxLength: 32768
971 type: string
972 observedGeneration:
973 description: observedGeneration represents the .metadata.generation
974 that the condition was set based upon. For instance, if .metadata.generation
975 is currently 12, but the .status.conditions[x].observedGeneration
976 is 9, the condition is out of date with respect to the current
977 state of the instance.
978 format: int64
979 minimum: 0
980 type: integer
981 reason:
982 description: reason contains a programmatic identifier indicating
983 the reason for the condition's last transition. Producers
984 of specific condition types may define expected values and
985 meanings for this field, and whether the values are considered
986 a guaranteed API. The value should be a CamelCase string.
987 This field may not be empty.
988 maxLength: 1024
989 minLength: 1
990 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
991 type: string
992 status:
993 description: status of the condition, one of True, False, Unknown.
994 enum:
995 - "True"
996 - "False"
997 - Unknown
998 type: string
999 type:
1000 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1001 --- Many .condition.type values are consistent across resources
1002 like Available, but because arbitrary conditions can be useful
1003 (see .node.status.conditions), the ability to deconflict is
1004 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1005 maxLength: 316
1006 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1007 type: string
1008 required:
1009 - lastTransitionTime
1010 - message
1011 - reason
1012 - status
1013 - type
1014 type: object
1015 type: array
1016 inventory:
1017 description: Inventory is the K8s resources that this object manages.
1018 properties:
1019 entries:
1020 description: Entries of Kubernetes resource object references.
1021 items:
1022 description: ResourceRef contains the information necessary
1023 to locate a resource within a cluster.
1024 properties:
1025 id:
1026 description: ID is the string representation of the Kubernetes
1027 resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
1028 type: string
1029 v:
1030 description: Version is the API version of the Kubernetes
1031 resource object's kind.
1032 type: string
1033 required:
1034 - id
1035 - v
1036 type: object
1037 type: array
1038 type: object
1039 lastApplied:
1040 description: LastApplied is the last set of resolved artifacts that
1041 were applied.
1042 items:
1043 description: Pin is a specific digest associated with a package
1044 name, used to "pin" the package to that digest when resolving
1045 package graphs or reflect the result of a resolved set of packages.
1046 properties:
1047 digest:
1048 description: Digest is the digest for the package reference
1049 (e.g., `shoot:latest`, Pallet.Digest())
1050 type: string
1051 name:
1052 type: string
1053 resolvedDigest:
1054 description: ResolvedDigest is the digest of the provider-specific
1055 variant pulled from the package based on where it is being
1056 scheduled.
1057 type: string
1058 required:
1059 - digest
1060 - name
1061 - resolvedDigest
1062 type: object
1063 type: array
1064 lastAttempted:
1065 description: LastAttempted is the last set of resolved artifacts that
1066 the controller attempted to apply.
1067 items:
1068 description: Pin is a specific digest associated with a package
1069 name, used to "pin" the package to that digest when resolving
1070 package graphs or reflect the result of a resolved set of packages.
1071 properties:
1072 digest:
1073 description: Digest is the digest for the package reference
1074 (e.g., `shoot:latest`, Pallet.Digest())
1075 type: string
1076 name:
1077 type: string
1078 resolvedDigest:
1079 description: ResolvedDigest is the digest of the provider-specific
1080 variant pulled from the package based on where it is being
1081 scheduled.
1082 type: string
1083 required:
1084 - digest
1085 - name
1086 - resolvedDigest
1087 type: object
1088 type: array
1089 lastHandledReconcileAt:
1090 description: LastHandledReconcileAt holds the value of the most recent
1091 reconcile request value, so a change of the annotation value can
1092 be detected.
1093 type: string
1094 observedGeneration:
1095 format: int64
1096 type: integer
1097 type: object
1098 type: object
1099 served: true
1100 storage: true
1101 subresources:
1102 status: {}
1103---
1104apiVersion: apiextensions.k8s.io/v1
1105kind: CustomResourceDefinition
1106metadata:
1107 annotations:
1108 controller-gen.kubebuilder.io/version: (unknown)
1109 name: unpackedpallets.warehouse.edge.ncr.com
1110spec:
1111 group: warehouse.edge.ncr.com
1112 names:
1113 kind: UnpackedPallet
1114 listKind: UnpackedPalletList
1115 plural: unpackedpallets
1116 singular: unpackedpallet
1117 scope: Cluster
1118 versions:
1119 - additionalPrinterColumns:
1120 - jsonPath: .status.shortDigest
1121 name: Digest
1122 type: string
1123 - jsonPath: .status.conditions[?(@.type=="Ready")].status
1124 name: Ready
1125 type: string
1126 - jsonPath: .status.conditions[?(@.type=="Ready")].message
1127 name: Status
1128 type: string
1129 - jsonPath: .status.conditions[?(@.type=="Ready")].lastTransitionTime
1130 name: Status Age
1131 type: date
1132 - jsonPath: .spec.prune
1133 name: Prune
1134 priority: 1
1135 type: string
1136 - jsonPath: .spec.suspend
1137 name: Suspend
1138 priority: 1
1139 type: string
1140 - jsonPath: .status.shipment
1141 name: Shipment
1142 priority: 1
1143 type: string
1144 - jsonPath: .spec.force
1145 name: Force
1146 priority: 1
1147 type: string
1148 - jsonPath: .status.dependencies
1149 name: Dependencies
1150 priority: 1
1151 type: string
1152 - jsonPath: .metadata.creationTimestamp
1153 name: Age
1154 type: date
1155 name: v1alpha1
1156 schema:
1157 openAPIV3Schema:
1158 description: "UnpackedPallet is an individual package that will be unpacked
1159 and scheduled to the cluster. \n Generally, this object shouldn't be created
1160 directly, it should be created via Shipment objects, similarly to how a
1161 Deployment schedules a ReplicaSet."
1162 properties:
1163 apiVersion:
1164 description: 'APIVersion defines the versioned schema of this representation
1165 of an object. Servers should convert recognized schemas to the latest
1166 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1167 type: string
1168 kind:
1169 description: 'Kind is a string value representing the REST resource this
1170 object represents. Servers may infer this from the endpoint the client
1171 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1172 type: string
1173 metadata:
1174 type: object
1175 spec:
1176 properties:
1177 creds:
1178 description: Credentials is an optional secret reference pointing
1179 to a secret containing registry credentials. The secret must be
1180 of type kubernetes.io/dockerconfigjson
1181 properties:
1182 name:
1183 description: name is unique within a namespace to reference a
1184 secret resource.
1185 type: string
1186 namespace:
1187 description: namespace defines the space within which the secret
1188 name must be unique.
1189 type: string
1190 type: object
1191 dependsOn:
1192 description: DependsOn is the list of UnpackedPallets that need to
1193 be successfully reconciled first.
1194 items:
1195 description: LocalObjectReference contains enough information to
1196 locate the referenced Kubernetes resource object.
1197 properties:
1198 name:
1199 description: Name of the referent.
1200 maxLength: 253
1201 minLength: 1
1202 type: string
1203 required:
1204 - name
1205 type: object
1206 type: array
1207 digest:
1208 description: Digest is the sha256 digest of the OCI artifact to apply
1209 to the cluster. Takes precedence over tag if set.
1210 type: string
1211 force:
1212 default: false
1213 description: Force indicates whether or not objects should be forced
1214 by deleting and re-creating when there is a conflict due to immutable
1215 fields changing.
1216 type: boolean
1217 interval:
1218 default: 60s
1219 description: Interval is how often the object will be reconciled,
1220 in order to prevent drift.
1221 type: string
1222 name:
1223 description: Name is the unique package name for the Warehouse package.
1224 It is appended to the provided Repository to produce the full repository
1225 string, e.g., gcr.io/foo/bar, where bar is the name of the package
1226 and gcr.io/foo is the provided Repository string
1227 type: string
1228 parameters:
1229 additionalProperties:
1230 type: string
1231 description: Parameters are the key/value pairs that will be used
1232 while rendering manifests from unpacked pallets.
1233 type: object
1234 prune:
1235 description: Prune indicates whether or not objects should be pruned
1236 between reconciles or when the object is deleted. You may want to
1237 use this for deployments that you really don't want deleted.
1238 type: boolean
1239 repo:
1240 description: Repository is the image repository that the tag or digest
1241 should be pulled from, e.g., gcr.io/foo
1242 type: string
1243 retryInterval:
1244 default: 10s
1245 description: RetryInterval is how often to retry previously failed
1246 reconciliations. Defaults to Interval if not provided.
1247 type: string
1248 suspend:
1249 description: This flag tells the controller to suspend subsequent
1250 reconciliations, it does not apply to already started reconciliations.
1251 Defaults to false.
1252 type: boolean
1253 tag:
1254 description: Tag is a mutable reference to the OCI artifact to apply.
1255 Defaults to "latest" if neither Tag or Digest are set.
1256 type: string
1257 timeout:
1258 default: 120s
1259 description: Timeout is how long the controller will wait for the
1260 applied objects to reconcile.
1261 type: string
1262 unpack:
1263 description: UnpackOptions
1264 properties:
1265 capabilities:
1266 description: Capabilities are additional runtime layers to apply.
1267 If Runtime is set to false, this field must be empty.
1268 items:
1269 type: string
1270 type: array
1271 infra:
1272 default: false
1273 description: Infra is whether or not to schedule infrastructure
1274 objects.
1275 type: boolean
1276 infraNamespace:
1277 description: InfraNamespace is the K8s namespace the infra objects
1278 should be scheduled to. If provided, the metadata.namespace
1279 of unpacked infra objects is updated using Kustomize filters
1280 on unpack.
1281 type: string
1282 provider:
1283 description: Provider is the K8s cluster provider that should
1284 be unpacked. By default, it is the same cluster provider that
1285 Lumper was scheduled onto. If Runtime is true, this option cannot
1286 be set to a value that conflicts with Lumper's startup configuration
1287 (e.g., you cannot schedule non-GKE runtime resources to a GKE
1288 cluster)
1289 type: string
1290 runtime:
1291 default: false
1292 description: Runtime determines if runtime resources should be
1293 applied. By default, only the base runtime layer is applied.
1294 type: boolean
1295 type: object
1296 required:
1297 - force
1298 - name
1299 - prune
1300 - repo
1301 type: object
1302 status:
1303 default:
1304 observedGeneration: -1
1305 description: UnpackedPalletStatus contains the readiness of the reconciled
1306 resources and an inventory of currently applied resources.
1307 properties:
1308 conditions:
1309 items:
1310 description: "Condition contains details for one aspect of the current
1311 state of this API Resource. --- This struct is intended for direct
1312 use as an array at the field path .status.conditions. For example,
1313 \n type FooStatus struct{ // Represents the observations of a
1314 foo's current state. // Known .status.conditions.type are: \"Available\",
1315 \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1316 // +listType=map // +listMapKey=type Conditions []metav1.Condition
1317 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1318 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
1319 properties:
1320 lastTransitionTime:
1321 description: lastTransitionTime is the last time the condition
1322 transitioned from one status to another. This should be when
1323 the underlying condition changed. If that is not known, then
1324 using the time when the API field changed is acceptable.
1325 format: date-time
1326 type: string
1327 message:
1328 description: message is a human readable message indicating
1329 details about the transition. This may be an empty string.
1330 maxLength: 32768
1331 type: string
1332 observedGeneration:
1333 description: observedGeneration represents the .metadata.generation
1334 that the condition was set based upon. For instance, if .metadata.generation
1335 is currently 12, but the .status.conditions[x].observedGeneration
1336 is 9, the condition is out of date with respect to the current
1337 state of the instance.
1338 format: int64
1339 minimum: 0
1340 type: integer
1341 reason:
1342 description: reason contains a programmatic identifier indicating
1343 the reason for the condition's last transition. Producers
1344 of specific condition types may define expected values and
1345 meanings for this field, and whether the values are considered
1346 a guaranteed API. The value should be a CamelCase string.
1347 This field may not be empty.
1348 maxLength: 1024
1349 minLength: 1
1350 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1351 type: string
1352 status:
1353 description: status of the condition, one of True, False, Unknown.
1354 enum:
1355 - "True"
1356 - "False"
1357 - Unknown
1358 type: string
1359 type:
1360 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1361 --- Many .condition.type values are consistent across resources
1362 like Available, but because arbitrary conditions can be useful
1363 (see .node.status.conditions), the ability to deconflict is
1364 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1365 maxLength: 316
1366 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1367 type: string
1368 required:
1369 - lastTransitionTime
1370 - message
1371 - reason
1372 - status
1373 - type
1374 type: object
1375 type: array
1376 dependencies:
1377 description: Dependencies is a stringified comman delimited list of
1378 type: string
1379 inventory:
1380 description: ResourceInventory contains a list of Kubernetes resource
1381 object references that have been applied.
1382 properties:
1383 entries:
1384 description: Entries of Kubernetes resource object references.
1385 items:
1386 description: ResourceRef contains the information necessary
1387 to locate a resource within a cluster.
1388 properties:
1389 id:
1390 description: ID is the string representation of the Kubernetes
1391 resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
1392 type: string
1393 v:
1394 description: Version is the API version of the Kubernetes
1395 resource object's kind.
1396 type: string
1397 required:
1398 - id
1399 - v
1400 type: object
1401 type: array
1402 type: object
1403 lastApplied:
1404 description: LastApplied is the digest of the last artifact the controller
1405 successfully applied.
1406 type: string
1407 lastAttempted:
1408 description: LastAttempted is the digest of the last artifact the
1409 controller attempted to applied.
1410 type: string
1411 lastHandledReconcileAt:
1412 description: LastHandledReconcileAt holds the value of the most recent
1413 reconcile request value, so a change of the annotation value can
1414 be detected.
1415 type: string
1416 observedGeneration:
1417 description: ObservedGeneration is the object.generation the last
1418 time that the controller reconciled the object.
1419 format: int64
1420 type: integer
1421 shipment:
1422 description: Shipment is the parent shipment that created the child
1423 unpackedpallet
1424 type: string
1425 shortDigest:
1426 description: ShortDigest is a truncated form of the sha256 Digest.
1427 type: string
1428 statusAge:
1429 description: StatusAge contains the time the status of an object was
1430 set.
1431 format: date-time
1432 type: string
1433 type: object
1434 type: object
1435 served: true
1436 storage: true
1437 subresources:
1438 status: {}
1439---
1440apiVersion: v1
1441kind: ServiceAccount
1442metadata:
1443 annotations:
1444 iam.gke.io/gcp-service-account: lumperctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
1445 name: lumperctl
1446 namespace: warehouse-system
1447---
1448apiVersion: rbac.authorization.k8s.io/v1
1449kind: ClusterRole
1450metadata:
1451 name: lumperctl
1452rules:
1453- apiGroups:
1454 - ""
1455 resources:
1456 - configmaps
1457 - secrets
1458 - serviceaccounts
1459 verbs:
1460 - get
1461 - list
1462 - watch
1463- apiGroups:
1464 - ""
1465 resources:
1466 - events
1467 verbs:
1468 - create
1469 - patch
1470- apiGroups:
1471 - warehouse.edge.ncr.com
1472 resources:
1473 - shipments/finalizers
1474 verbs:
1475 - create
1476 - delete
1477 - get
1478 - patch
1479 - update
1480- apiGroups:
1481 - warehouse.edge.ncr.com
1482 resources:
1483 - unpackedpallets
1484 verbs:
1485 - create
1486 - delete
1487 - get
1488 - list
1489 - patch
1490 - update
1491 - watch
1492- apiGroups:
1493 - warehouse.edge.ncr.com
1494 resources:
1495 - unpackedpallets/finalizers
1496 verbs:
1497 - create
1498 - delete
1499 - get
1500 - patch
1501 - update
1502- apiGroups:
1503 - warehouse.edge.ncr.com
1504 resources:
1505 - unpackedpallets/status
1506 verbs:
1507 - get
1508 - patch
1509 - update
1510---
1511apiVersion: rbac.authorization.k8s.io/v1
1512kind: ClusterRoleBinding
1513metadata:
1514 name: lumperctl
1515roleRef:
1516 apiGroup: rbac.authorization.k8s.io
1517 kind: ClusterRole
1518 name: lumperctl
1519subjects:
1520- kind: ServiceAccount
1521 name: lumperctl
1522 namespace: lumperctl
1523---
1524apiVersion: rbac.authorization.k8s.io/v1
1525kind: ClusterRoleBinding
1526metadata:
1527 name: warehouse-cluster-reconciler
1528roleRef:
1529 apiGroup: rbac.authorization.k8s.io
1530 kind: ClusterRole
1531 name: cluster-admin
1532subjects:
1533- kind: ServiceAccount
1534 name: lumperctl
1535 namespace: warehouse-system
1536---
1537apiVersion: v1
1538kind: Service
1539metadata:
1540 labels:
1541 platform.edge.ncr.com/component: lumperctl
1542 name: lumperctl
1543 namespace: warehouse-system
1544spec:
1545 ports:
1546 - name: metrics
1547 port: 8080
1548 selector:
1549 platform.edge.ncr.com/component: lumperctl
1550---
1551apiVersion: apps/v1
1552kind: Deployment
1553metadata:
1554 name: lumperctl
1555 namespace: warehouse-system
1556spec:
1557 replicas: 1
1558 selector:
1559 matchLabels:
1560 platform.edge.ncr.com/component: lumperctl
1561 template:
1562 metadata:
1563 labels:
1564 platform.edge.ncr.com/component: lumperctl
1565 spec:
1566 containers:
1567 - args:
1568 - --cluster-provider=${cluster_provider}
1569 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/lumperctl:dev
1570 imagePullPolicy: IfNotPresent
1571 name: lumperctl
1572 ports:
1573 - containerPort: 8080
1574 name: metrics
1575 resources:
1576 limits:
1577 cpu: 1000m
1578 memory: 1Gi
1579 requests:
1580 cpu: 512m
1581 memory: 512Mi
1582 imagePullSecrets:
1583 - name: edge-docker-pull-secret
1584 serviceAccountName: lumperctl
1585---
1586apiVersion: iam.cnrm.cloud.google.com/v1beta1
1587kind: IAMPolicyMember
1588metadata:
1589 annotations:
1590 cnrm.cloud.google.com/project-id: ${gcp_project_id}
1591 name: lumper-controller-artifact-read
1592 namespace: warehouse-system
1593spec:
1594 member: serviceAccount:lumperctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
1595 resourceRef:
1596 apiVersion: artifactregistry.cnrm.cloud.google.com/v1beta1
1597 external: projects/${foreman_gcp_project_id}/locations/us-east1/repositories/warehouse
1598 kind: ArtifactRegistryRepository
1599 role: roles/artifactregistry.reader
1600---
1601apiVersion: iam.cnrm.cloud.google.com/v1beta1
1602kind: IAMPolicyMember
1603metadata:
1604 annotations:
1605 cnrm.cloud.google.com/project-id: ${gcp_project_id}
1606 description: |
1607 Binds the K8s SA used by lumper-controller to the GCP IAM
1608 service account defined in the base.
1609 name: lumper-controller-workload-id
1610 namespace: warehouse-system
1611spec:
1612 member: serviceAccount:${gcp_project_id}.svc.id.goog[warehouse-system/lumperctl]
1613 resourceRef:
1614 apiVersion: iam.cnrm.cloud.google.com/v1beta1
1615 kind: IAMServiceAccount
1616 name: lumper-controller
1617 role: roles/iam.workloadIdentityUser
1618---
1619apiVersion: iam.cnrm.cloud.google.com/v1beta1
1620kind: IAMServiceAccount
1621metadata:
1622 annotations:
1623 cnrm.cloud.google.com/project-id: ${gcp_project_id}
1624 name: lumper-controller
1625 namespace: warehouse-system
1626spec:
1627 displayName: ${cluster_hash} OCI controller
1628 resourceID: lumperctl-${cluster_hash}
1629---
1630apiVersion: monitoring.coreos.com/v1
1631kind: ServiceMonitor
1632metadata:
1633 annotations:
1634 monitoring.edge.ncr.com/allowed-metrics: |
1635 edge_lpctl_reconcile_condition_status
1636 edge_lpctl_reconcile_suspend_status
1637 edge_lpctl_reconcile_duration_seconds_sum
1638 edge_lpctl_reconcile_duration_seconds_count
1639 edge_lpctl_reconcile_duration_seconds_bucket
1640 edge_lpctl_prune_status
1641 labels:
1642 platform.edge.ncr.com/component: lumperctl
1643 name: lumperctl
1644 namespace: warehouse-system
1645spec:
1646 endpoints:
1647 - port: metrics
1648 selector:
1649 matchLabels:
1650 platform.edge.ncr.com/component: lumperctl
View as plain text