apiVersion: v1 kind: Namespace metadata: labels: workload.edge.ncr.com: platform name: warehouse-system --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com names: categories: - prometheus-operator kind: ServiceMonitor listKind: ServiceMonitorList plural: servicemonitors shortNames: - smon singular: servicemonitor scope: Namespaced versions: - name: v1 schema: openAPIV3Schema: description: ServiceMonitor defines monitoring for a set of services. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: Specification of desired Service selection for target discovery by Prometheus. properties: endpoints: description: A list of endpoints allowed as part of this ServiceMonitor. items: description: Endpoint defines a scrapeable endpoint serving Prometheus metrics. properties: authorization: description: Authorization section for this endpoint properties: credentials: description: The secret's key that contains the credentials of the request properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error type: string type: object basicAuth: description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: description: The secret in the service monitor namespace that contains the password for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object bearerTokenFile: description: File to read bearer token for scraping targets. type: string bearerTokenSecret: description: Secret to mount to read bearer token for scraping targets. 
The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: description: Whether to enable HTTP2. type: boolean followRedirects: description: FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. type: boolean honorLabels: description: HonorLabels chooses the metric's labels on collisions with target labels. type: boolean honorTimestamps: description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. type: boolean interval: description: Interval at which metrics should be scraped If not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: description: MetricRelabelConfigs to apply to samples before ingestion. items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. 
enum: - replace - Replace - keep - Keep - drop - Drop - hashmod - HashMod - labelmap - LabelMap - labeldrop - LabelDrop - labelkeep - LabelKeep - lowercase - Lowercase - uppercase - Uppercase type: string modulus: description: Modulus to take of the hash of the source label values. format: int64 type: integer regex: description: Regular expression against which the extracted value is matched. Default is '(.*)' type: string replacement: description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' type: string separator: description: Separator placed between concatenated source label values. default is ';'. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. type: string type: object type: array oauth2: description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. properties: clientId: description: The secret or configmap containing the OAuth2 client id properties: configMap: description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 client secret properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string description: Parameters to append to the token URL type: object scopes: description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: description: The URL to fetch the token from minLength: 1 type: string required: - clientId - clientSecret - tokenUrl type: object params: additionalProperties: items: type: string type: array description: Optional HTTP URL parameters type: object path: description: HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. `/metrics`). type: string port: description: Name of the service port this endpoint refers to. Mutually exclusive with targetPort. 
type: string proxyUrl: description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. type: string relabelings: description: 'RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job''s name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. enum: - replace - Replace - keep - Keep - drop - Drop - hashmod - HashMod - labelmap - LabelMap - labeldrop - LabelDrop - labelkeep - LabelKeep - lowercase - Lowercase - uppercase - Uppercase type: string modulus: description: Modulus to take of the hash of the source label values. format: int64 type: integer regex: description: Regular expression against which the extracted value is matched. Default is '(.*)' type: string replacement: description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' type: string separator: description: Separator placed between concatenated source label values. default is ';'. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. 
items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. type: string type: object type: array scheme: description: HTTP scheme to use for scraping. type: string scrapeTimeout: description: Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than `Interval` in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string description: Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port. x-kubernetes-int-or-string: true tlsConfig: description: TLS configuration to use when scraping the endpoint properties: ca: description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: description: Struct containing the client cert file for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: description: Path to the client key file in the Prometheus container for the targets. type: string keySecret: description: Secret containing the client key file for the targets. properties: key: description: The key of the secret to select from. 
Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string type: object type: object type: array jobLabel: description: "JobLabel selects the label from the associated Kubernetes service which will be used as the `job` label for all metrics. \n For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: bar`, then the `job=\"bar\"` label is added to all metrics. \n If the value of this field is empty or if the label doesn't exist for the given Service, the `job` label of the metrics defaults to the name of the Kubernetes Service." type: string labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: description: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelValueLengthLimit: description: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer namespaceSelector: description: Selector to select which namespaces the Kubernetes Endpoints objects are discovered from. properties: any: description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. type: boolean matchNames: description: List of namespace names to select from. 
items: type: string type: array type: object podTargetLabels: description: PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics. items: type: string type: array sampleLimit: description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. format: int64 type: integer selector: description: Selector to select Endpoints objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLabels: description: TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics. items: type: string type: array targetLimit: description: TargetLimit defines a limit on the number of scraped targets that will be accepted. 
format: int64 type: integer required: - endpoints - selector type: object required: - spec type: object served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) name: shipments.warehouse.edge.ncr.com spec: group: warehouse.edge.ncr.com names: kind: Shipment listKind: ShipmentList plural: shipments singular: shipment scope: Cluster versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string name: v1alpha1 schema: openAPIV3Schema: description: Shipment is one or more Pallets that will be unpacked and scheduled to the cluster. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: creds: description: Credentials is an optional secret reference pointing to a secret containing registry credentials. The secret must be of type kubernetes.io/dockerconfigjson properties: name: description: name is unique within a namespace to reference a secret resource. type: string namespace: description: namespace defines the space within which the secret name must be unique. 
type: string type: object force: default: false description: Force indicates whether or not objects should be forced by deleting and re-creating when there is a conflict due to immutable fields changing. type: boolean interval: default: 60s description: Interval is how often the object will be reconciled, in order to prevent drift. type: string pallets: description: "Pallets is the set of Pallet packages that will be pulled and reconciled, without the repository string. Each Pallet reference is completed from the Repository field. \n All Pallets are resolved into a single, deduped graph to ensure that there is no more than one version of a package. How conflicts are resolved is configurable via Resolution" items: description: BaseArtifact describes a reference to a Warehouse package without a repository that can be embedded in a K8s resource spec. properties: digest: description: Digest is the sha256 digest of the OCI artifact to apply to the cluster. Takes precedence over tag if set. type: string name: description: Name is the unique package name for the Warehouse package. It is appended to the provided Repository to produce the full repository string, e.g., gcr.io/foo/bar, where bar is the name of the package and gcr.io/foo is the provided Repository string type: string tag: description: Tag is a mutable reference to the OCI artifact to apply. Defaults to "latest" if neither Tag or Digest are set. type: string required: - name type: object minItems: 1 type: array prune: description: Prune indicates whether or not objects should be pruned between reconciles or when the object is deleted. You may want to use this for deployments that you really don't want deleted. type: boolean rendering: description: Rendering is the configuration controlling how the unpacked K8s manifests are rendered before applying. items: properties: configMapRef: description: ConfigMapRef references a K8s ConfigMap to pull parameters from. Mutually exclusive with Variables. 
properties: name: description: Name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: Namespace of the referent, when not specified it acts as LocalObjectReference. maxLength: 253 minLength: 1 type: string required: - name type: object mapping: additionalProperties: type: string description: 'Mapping of rendering parameters to specific keys in the referenced ConfigMap, e.g.: {gcp_project_id: gcp.projectId} where ''gcp.projectId'' is a key in the ConfigMap.' type: object parameters: additionalProperties: type: string description: Parameters are inlined parameters. Mutually exclusive with ConfigMapRef. type: object type: object type: array repo: description: Repository is the image repository that all Pallets will be pulled from. It MUST be the entire repository string up to the Pallet package name, e.g. gcr.io/foo if packages are gcr.io/foo/bar, gcr.io/foo/bax, ... All packages must come from the same repository because resolving the graph of packages may discover the same digest in multiple repositories. This controller won't make value judgements as to which repository should be used in conflict. type: string resolution: description: Resolution is the rules for resolving conflicts in the resolved graph for the pallets included in this shipment. By default, a Shipment will be marked Stalled if it references a list of pallets which don't produce a consistent (e.g., no conflicting digests) resolved graph. properties: acceptFirst: description: AcceptFirst will accept the first digest it encounters for each package during graph resolution. If the package exists in the graph with a differing digest, it is dropped. 
This is the simplest way to force a set of conflicting packages to produce a consistent graph, but doesn't provide any additional control type: boolean pins: description: Pins are a mapping of package names to digests that are forced during graph resolution, analogous to pinning transitive dependency versions using `replace` directives in a `go.mod` file. items: description: Pin is a specific digest associated with a package name, used to "pin" the package to that digest when resolving package graphs or reflect the result of a resolved set of packages. properties: digest: description: Digest is the digest for the package reference (e.g., `shoot:latest`, Pallet.Digest()) type: string name: type: string resolvedDigest: description: ResolvedDigest is the digest of the provider-specific variant pulled from the package based on where it is being scheduled. type: string required: - digest - name - resolvedDigest type: object type: array type: object retryInterval: default: 10s description: RetryInterval is how often to retry previously failed reconciliations. Defaults to Interval if not provided. type: string suspend: description: This flag tells the controller to suspend subsequent reconciliations, it does not apply to already started reconciliations. Defaults to false. type: boolean timeout: default: 120s description: Timeout is how long the controller will wait for the applied objects to reconcile. type: string unpack: description: UnpackOptions properties: capabilities: description: Capabilities are additional runtime layers to apply. If Runtime is set to false, this field must be empty. items: type: string type: array infra: default: false description: Infra is whether or not to schedule infrastructure objects. type: boolean infraNamespace: description: InfraNamespace is the K8s namespace the infra objects should be scheduled to. If provided, the metadata.namespace of unpacked infra objects is updated using Kustomize filters on unpack. 
type: string provider: description: Provider is the K8s cluster provider that should be unpacked. By default, it is the same cluster provider that Lumper was scheduled onto. If Runtime is true, this option cannot be set to a value that conflicts with Lumper's startup configuration (e.g., you cannot schedule non-GKE runtime resources to a GKE cluster) type: string runtime: default: false description: Runtime determines if runtime resources should be applied. By default, only the base runtime layer is applied. type: boolean type: object required: - force - pallets - prune - repo type: object status: default: observedGeneration: -1 description: ShipmentStatus contains the readiness of the reconciled resources and an inventory of currently applied resources. properties: conditions: items: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: message is a human readable message indicating details about the transition. This may be an empty string. 
maxLength: 32768 type: string observedGeneration: description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array inventory: description: Inventory is the K8s resources that this object manages. properties: entries: description: Entries of Kubernetes resource object references. items: description: ResourceRef contains the information necessary to locate a resource within a cluster. properties: id: description: ID is the string representation of the Kubernetes resource object's metadata, in the format '___'. 
type: string v: description: Version is the API version of the Kubernetes resource object's kind. type: string required: - id - v type: object type: array type: object lastApplied: description: LastApplied is the last set of resolved artifacts that were applied. items: description: Pin is a specific digest associated with a package name, used to "pin" the package to that digest when resolving package graphs or reflect the result of a resolved set of packages. properties: digest: description: Digest is the digest for the package reference (e.g., `shoot:latest`, Pallet.Digest()) type: string name: type: string resolvedDigest: description: ResolvedDigest is the digest of the provider-specific variant pulled from the package based on where it is being scheduled. type: string required: - digest - name - resolvedDigest type: object type: array lastAttempted: description: LastAttempted is the last set of resolved artifacts that the controller attempted to apply. items: description: Pin is a specific digest associated with a package name, used to "pin" the package to that digest when resolving package graphs or reflect the result of a resolved set of packages. properties: digest: description: Digest is the digest for the package reference (e.g., `shoot:latest`, Pallet.Digest()) type: string name: type: string resolvedDigest: description: ResolvedDigest is the digest of the provider-specific variant pulled from the package based on where it is being scheduled. type: string required: - digest - name - resolvedDigest type: object type: array lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected. 
                type: string
              observedGeneration:
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: (unknown)
  name: unpackedpallets.warehouse.edge.ncr.com
spec:
  group: warehouse.edge.ncr.com
  names:
    kind: UnpackedPallet
    listKind: UnpackedPalletList
    plural: unpackedpallets
    singular: unpackedpallet
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .status.shortDigest
      name: Digest
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].lastTransitionTime
      name: Status Age
      type: date
    - jsonPath: .spec.prune
      name: Prune
      priority: 1
      type: string
    - jsonPath: .spec.suspend
      name: Suspend
      priority: 1
      type: string
    - jsonPath: .status.shipment
      name: Shipment
      priority: 1
      type: string
    - jsonPath: .spec.force
      name: Force
      priority: 1
      type: string
    - jsonPath: .status.dependencies
      name: Dependencies
      priority: 1
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: "UnpackedPallet is an individual package that will be unpacked and scheduled to the cluster. \n Generally, this object shouldn't be created directly, it should be created via Shipment objects, similarly to how a Deployment schedules a ReplicaSet."
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              creds:
                description: Credentials is an optional secret reference pointing to a secret containing registry credentials. The secret must be of type kubernetes.io/dockerconfigjson
                properties:
                  name:
                    description: name is unique within a namespace to reference a secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the secret name must be unique.
                    type: string
                type: object
              dependsOn:
                description: DependsOn is the list of UnpackedPallets that need to be successfully reconciled first.
                items:
                  description: LocalObjectReference contains enough information to locate the referenced Kubernetes resource object.
                  properties:
                    name:
                      description: Name of the referent.
                      maxLength: 253
                      minLength: 1
                      type: string
                  required:
                  - name
                  type: object
                type: array
              digest:
                description: Digest is the sha256 digest of the OCI artifact to apply to the cluster. Takes precedence over tag if set.
                type: string
              force:
                default: false
                description: Force indicates whether or not objects should be forced by deleting and re-creating when there is a conflict due to immutable fields changing.
                type: boolean
              interval:
                default: 60s
                description: Interval is how often the object will be reconciled, in order to prevent drift.
                type: string
              name:
                description: Name is the unique package name for the Warehouse package. It is appended to the provided Repository to produce the full repository string, e.g., gcr.io/foo/bar, where bar is the name of the package and gcr.io/foo is the provided Repository string
                type: string
              parameters:
                additionalProperties:
                  type: string
                description: Parameters are the key/value pairs that will be used while rendering manifests from unpacked pallets.
                type: object
              prune:
                description: Prune indicates whether or not objects should be pruned between reconciles or when the object is deleted. You may want to use this for deployments that you really don't want deleted.
                type: boolean
              repo:
                description: Repository is the image repository that the tag or digest should be pulled from, e.g., gcr.io/foo
                type: string
              retryInterval:
                default: 10s
                description: RetryInterval is how often to retry previously failed reconciliations. Defaults to Interval if not provided.
                type: string
              suspend:
                description: This flag tells the controller to suspend subsequent reconciliations, it does not apply to already started reconciliations. Defaults to false.
                type: boolean
              tag:
                description: Tag is a mutable reference to the OCI artifact to apply. Defaults to "latest" if neither Tag nor Digest is set.
                type: string
              timeout:
                default: 120s
                description: Timeout is how long the controller will wait for the applied objects to reconcile.
                type: string
              unpack:
                description: UnpackOptions
                properties:
                  capabilities:
                    description: Capabilities are additional runtime layers to apply. If Runtime is set to false, this field must be empty.
                    items:
                      type: string
                    type: array
                  infra:
                    default: false
                    description: Infra is whether or not to schedule infrastructure objects.
                    type: boolean
                  infraNamespace:
                    description: InfraNamespace is the K8s namespace the infra objects should be scheduled to. If provided, the metadata.namespace of unpacked infra objects is updated using Kustomize filters on unpack.
                    type: string
                  provider:
                    description: Provider is the K8s cluster provider that should be unpacked. By default, it is the same cluster provider that Lumper was scheduled onto. If Runtime is true, this option cannot be set to a value that conflicts with Lumper's startup configuration (e.g., you cannot schedule non-GKE runtime resources to a GKE cluster)
                    type: string
                  runtime:
                    default: false
                    description: Runtime determines if runtime resources should be applied. By default, only the base runtime layer is applied.
                    type: boolean
                type: object
            required:
            - force
            - name
            - prune
            - repo
            type: object
          status:
            default:
              observedGeneration: -1
            description: UnpackedPalletStatus contains the readiness of the reconciled resources and an inventory of currently applied resources.
            properties:
              conditions:
                items:
                  description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: message is a human readable message indicating details about the transition. This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              dependencies:
                description: Dependencies is a stringified comma delimited list of
                type: string
              inventory:
                description: ResourceInventory contains a list of Kubernetes resource object references that have been applied.
                properties:
                  entries:
                    description: Entries of Kubernetes resource object references.
                    items:
                      description: ResourceRef contains the information necessary to locate a resource within a cluster.
                      properties:
                        id:
                          description: ID is the string representation of the Kubernetes resource object's metadata, in the format '___'.
                          type: string
                        v:
                          description: Version is the API version of the Kubernetes resource object's kind.
                          type: string
                      required:
                      - id
                      - v
                      type: object
                    type: array
                type: object
              lastApplied:
                description: LastApplied is the digest of the last artifact the controller successfully applied.
                type: string
              lastAttempted:
                description: LastAttempted is the digest of the last artifact the controller attempted to apply.
                type: string
              lastHandledReconcileAt:
                description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.
                type: string
              observedGeneration:
                description: ObservedGeneration is the object.generation the last time that the controller reconciled the object.
                format: int64
                type: integer
              shipment:
                description: Shipment is the parent shipment that created the child unpackedpallet
                type: string
              shortDigest:
                description: ShortDigest is a truncated form of the sha256 Digest.
                type: string
              statusAge:
                description: StatusAge contains the time the status of an object was set.
                format: date-time
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    iam.gke.io/gcp-service-account: lumperctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  name: lumperctl
  namespace: warehouse-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: lumperctl
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - secrets
  - serviceaccounts
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - warehouse.edge.ncr.com
  resources:
  - shipments/finalizers
  verbs:
  - create
  - delete
  - get
  - patch
  - update
- apiGroups:
  - warehouse.edge.ncr.com
  resources:
  - unpackedpallets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - warehouse.edge.ncr.com
  resources:
  - unpackedpallets/finalizers
  verbs:
  - create
  - delete
  - get
  - patch
  - update
- apiGroups:
  - warehouse.edge.ncr.com
  resources:
  - unpackedpallets/status
  verbs:
  - get
  - patch
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: lumperctl
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: lumperctl
subjects:
- kind: ServiceAccount
  name: lumperctl
  # The lumperctl ServiceAccount in this manifest is defined in warehouse-system, not lumperctl.
  namespace: lumperctl
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: warehouse-cluster-reconciler
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # cluster-admin grants this ServiceAccount every verb on every resource cluster-wide.
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: lumperctl
  namespace: warehouse-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    platform.edge.ncr.com/component: lumperctl
  name: lumperctl
  namespace: warehouse-system
spec:
  ports:
  - name: metrics
    port: 8080
  selector:
    platform.edge.ncr.com/component: lumperctl
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lumperctl
  namespace: warehouse-system
spec:
  replicas: 1
  selector:
    matchLabels:
      platform.edge.ncr.com/component: lumperctl
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: lumperctl
    spec:
      containers:
      - args:
        - --cluster-provider=${cluster_provider}
        # :dev is a mutable tag, and IfNotPresent reuses whatever image a node already cached under it.
        image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/lumperctl:dev
        imagePullPolicy: IfNotPresent
        name: lumperctl
        ports:
        - containerPort: 8080
          name: metrics
        resources:
          limits:
            cpu: 1000m
            memory: 1Gi
          requests:
            cpu: 512m
            memory: 512Mi
      imagePullSecrets:
      - name: edge-docker-pull-secret
      serviceAccountName: lumperctl
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
  name: lumper-controller-artifact-read
  namespace: warehouse-system
spec:
  member: serviceAccount:lumperctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: artifactregistry.cnrm.cloud.google.com/v1beta1
    external: projects/${foreman_gcp_project_id}/locations/us-east1/repositories/warehouse
    kind: ArtifactRegistryRepository
  role: roles/artifactregistry.reader
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    description: |
      Binds the K8s SA used by lumper-controller to the GCP IAM service account defined in the base.
  name: lumper-controller-workload-id
  namespace: warehouse-system
spec:
  member: serviceAccount:${gcp_project_id}.svc.id.goog[warehouse-system/lumperctl]
  resourceRef:
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
    name: lumper-controller
  role: roles/iam.workloadIdentityUser
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
  name: lumper-controller
  namespace: warehouse-system
spec:
  displayName: ${cluster_hash} OCI controller
  resourceID: lumperctl-${cluster_hash}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  annotations:
    monitoring.edge.ncr.com/allowed-metrics: |
      edge_lpctl_reconcile_condition_status
      edge_lpctl_reconcile_suspend_status
      edge_lpctl_reconcile_duration_seconds_sum
      edge_lpctl_reconcile_duration_seconds_count
      edge_lpctl_reconcile_duration_seconds_bucket
      edge_lpctl_prune_status
  labels:
    platform.edge.ncr.com/component: lumperctl
  name: lumperctl
  namespace: warehouse-system
spec:
  endpoints:
  - port: metrics
  selector:
    matchLabels:
      platform.edge.ncr.com/component: lumperctl