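---
# CustomResourceDefinition for the namespaced `Client` kind in group
# iam.edge-infra.dev (v1alpha1, served and stored). The spec describes an
# OAuth 2.0 client registration: grant types, redirect URIs, scopes and the
# name of the Secret that holds the client's ID and password.
# The controller-gen annotation indicates this schema is generated, so schema
# changes belong in the Go type markers it is generated from.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: clients.iam.edge-infra.dev
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    controller-gen.kubebuilder.io/version: (unknown)
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  group: iam.edge-infra.dev
  names:
    kind: Client
    listKind: ClientList
    plural: clients
    singular: client
  scope: Namespaced
  versions:
  - name: v1alpha1
    # Extra `kubectl get` columns; Reason and Message read only the first
    # entry of .status.conditions.
    additionalPrinterColumns:
    - name: Reason
      type: string
      jsonPath: .status.conditions[0].reason
    - name: Message
      type: string
      jsonPath: .status.conditions[0].message
    - name: Age
      type: date
      jsonPath: .metadata.creationTimestamp
    schema:
      openAPIV3Schema:
        type: object
        description: Client is the Schema for the clients API
        properties:
          apiVersion:
            type: string
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          kind:
            type: string
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          metadata:
            type: object
          spec:
            type: object
            description: ClientSpec defines the desired state of Client
            properties:
              audience:
                type: array
                description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
                items:
                  type: string
              clientName:
                type: string
                description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
              # Items are free-form strings (no enum), so the set of grant
              # names is not constrained by this schema; only the count is.
              grantTypes:
                type: array
                description: GrantTypes is an array of grant types the client is allowed to use.
                items:
                  type: string
                maxItems: 5
                minItems: 1
              printBarcodeTypes:
                type: array
                description: PrintBarcodeTypes is an array that tells Edge-ID about client's printing capabilities.
                items:
                  type: string
                maxItems: 2
              printBarcodeUri:
                type: string
                description: PrintBarcodeURI is the redirect URI of the client where print barcode is handled.
              # No maxItems and no format/pattern on the items.
              # NOTE(review): any scheme/host restriction on redirect URIs
              # would have to be enforced by the controller; confirm it is.
              redirectUris:
                type: array
                description: RedirectURIs is an array of the redirect URIs allowed for the application
                items:
                  type: string
              responseModes:
                type: array
                description: ResponseModes is an array of response modes that client is allowed to send
                items:
                  type: string
                maxItems: 3
                minItems: 0
              responseTypes:
                type: array
                description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
                items:
                  type: string
                maxItems: 3
                minItems: 1
              roles:
                type: array
                description: Roles is an array of roles the client has.
                items:
                  type: string
                maxItems: 100
                minItems: 0
              # NOTE(review): unlike the condition patterns further down, this
              # pattern has no ^/$ anchors, so a value passes as soon as any
              # part of it matches. The `offline_access` scope used by the
              # `verify` Client in this file contains `_`, which the character
              # class excludes, so anchoring must go together with widening
              # the class.
              scope:
                type: string
                description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
                pattern: ([a-zA-Z0-9\.\*]+\s?)+
              # NOTE(review): this pattern is also unanchored, so only the
              # length bounds are effectively enforced; the DNS-1123 shape is
              # not. Anchor it with ^...$ in the source marker.
              secretName:
                type: string
                description: SecretName points to the K8s secret that contains this client's ID and password
                maxLength: 253
                minLength: 1
                pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
            required:
            - grantTypes
            - secretName
          status:
            type: object
            description: ClientStatus defines the observed state of Client
            properties:
              conditions:
                type: array
                description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
                items:
                  type: object
                  description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    type:
                      type: string
                      description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                    status:
                      type: string
                      description: status of the condition, one of True, False, Unknown.
                      # Quoted so the values stay strings, not YAML booleans.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                    lastTransitionTime:
                      type: string
                      description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                    message:
                      type: string
                      description: message is a human readable message indicating details about the transition. This may be an empty string.
                      maxLength: 32768
                    observedGeneration:
                      type: integer
                      description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                    reason:
                      type: string
                      description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
              reconciliationError:
                type: object
                description: ReconciliationError represents an error that occurred during the reconciliation process
                properties:
                  description:
                    type: string
                    description: Description is the description of the reconciliation error
                  statusCode:
                    type: string
                    description: Code is the status code of the reconciliation error
    served: true
    storage: true
    # Status is a separate subresource, which is why the RBAC rules in this
    # file grant clients/status on its own.
    subresources:
      status: {}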
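---
# CustomResourceDefinition for the namespaced `Provider` kind in group
# iam.edge-infra.dev (v1alpha1, served and stored). The spec configures the
# identity provider: token issuer, Okta credentials reference, PIN, barcode
# and profile settings, feature-flag defaults and the target environment.
# The controller-gen annotation indicates this schema is generated, so schema
# changes belong in the Go type markers it is generated from.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: providers.iam.edge-infra.dev
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    controller-gen.kubebuilder.io/version: (unknown)
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  group: iam.edge-infra.dev
  names:
    kind: Provider
    listKind: ProviderList
    plural: providers
    singular: provider
  scope: Namespaced
  versions:
  - name: v1alpha1
    additionalPrinterColumns:
    - name: Target
      type: string
      jsonPath: .spec.target
    - name: Age
      type: date
      jsonPath: .metadata.creationTimestamp
    schema:
      openAPIV3Schema:
        type: object
        description: Provider is the Schema for the providers API
        properties:
          apiVersion:
            type: string
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          kind:
            type: string
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          metadata:
            type: object
          # No `required` list: every spec field is optional at the schema
          # level.
          spec:
            type: object
            description: ProviderSpec defines the desired state of Provider
            properties:
              barcode:
                type: object
                description: Barcode contains the configuration that Barcode login method should have
                properties:
                  # Free-form string; the expected duration format is not
                  # stated in this schema.
                  expire:
                    type: string
                  role:
                    type: boolean
                    description: checks if the user has the permission to print barcode
              ff:
                type: object
                additionalProperties:
                  type: boolean
                description: FF contains the launchdarkly feature flags defaults that should be enabled
              issuer:
                type: string
                description: "Issuer sets the value of the `iss`-claim (issuer) that is minted in our tokens Recommended is to use the URL of the authorization server, i.e. https://iam.store.ncr.corp If this claim does not contain a URL (some other kind of identifier) or it cannot be resolved on that URL, the client will need to configure a separate URL. \n Workloads running inside the cluster require this change as the external addr1ess, https://iam.store.ncr.corp cannot be resolved in the cluster. \n Should not contain trailing '/'"
              okta:
                type: object
                description: okta field contains authurl as well as cred secret name
                properties:
                  # No length bound or name pattern, unlike Client.secretName
                  # in the sibling CRD.
                  credsSecretName:
                    type: string
                required:
                - credsSecretName
              pin:
                type: object
                description: PIN contains the configuration that PIN login method should have
                properties:
                  attempts:
                    type: integer
                    maximum: 5
                    minimum: 3
                  expire:
                    type: string
                  history:
                    type: integer
                    maximum: 5
                    minimum: 3
                  # NOTE(review): `length` has no minimum or maximum, while
                  # attempts and history are bounded to 3..5. Unless the
                  # controller enforces a floor, a Provider can configure a
                  # zero-length or very short PIN; add a minimum in the source
                  # marker.
                  length:
                    type: integer
              profile:
                type: object
                description: Profile contains the configuration of profile
                properties:
                  expire:
                    type: string
              # The description lists two options, but there is no enum, so
              # the schema accepts any string.
              target:
                type: string
                description: 'Target sets the type of environment this provider targets, options: gcp, sds'
          status:
            type: object
            description: ProviderStatus defines the observed state of Provider
            properties:
              conditions:
                type: array
                items:
                  type: object
                  description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    type:
                      type: string
                      description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                    status:
                      type: string
                      description: status of the condition, one of True, False, Unknown.
                      # Quoted so the values stay strings, not YAML booleans.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                    lastTransitionTime:
                      type: string
                      description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                    message:
                      type: string
                      description: message is a human readable message indicating details about the transition. This may be an empty string.
                      maxLength: 32768
                    observedGeneration:
                      type: integer
                      description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                    reason:
                      type: string
                      description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
    served: true
    storage: true
    subresources:
      status: {}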
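---
# ServiceAccount the edge-iam operator Deployment runs as
# (`serviceAccountName: operator`). Both ClusterRoleBindings in this file
# name it as their subject, so its token carries cluster-wide permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: operator
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}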
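---
# ClusterRole for the Client controller: full lifecycle access to `clients`
# in iam.edge-infra.dev, plus the finalizers and status subresources.
# It is bound cluster-wide to the operator ServiceAccount by
# edge-iam-operator-clientctl, so it applies in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: edge-iam-clientctl
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
- resources:
  - clients
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Finalizers need only `update`.
- resources:
  - clients/finalizers
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - update
# Status is a separate subresource in the Client CRD, hence its own rule.
- resources:
  - clients/status
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - get
  - patch
  - update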
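---
# ClusterRole for the Provider controller. Besides the `providers` resource
# it grants write access to core workload objects, Secrets, ExternalSecrets,
# Ambassador mappings, ServiceMonitors and Linkerd policy resources.
# It is bound by the ClusterRoleBinding edge-iam-operator-providerctl, so
# every rule below applies in every namespace of the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: edge-iam-providerctl
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
# NOTE(review): through the ClusterRoleBinding this lets the operator
# ServiceAccount read, change and delete every Secret in the cluster, and
# create Pods and ServiceAccounts in any namespace, which is enough to reach
# other workloads' credentials if the operator is compromised. If the
# operator only manages objects in known namespaces, grant this rule through
# namespaced Role/RoleBinding objects instead, and give `secrets` its own
# rule with only the verbs it needs.
- resources:
  - configmaps
  - namespaces
  - pods
  - secrets
  - serviceaccounts
  - services
  apiGroups:
  - ""
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - namespaces/status
  - services/status
  apiGroups:
  - ""
  verbs:
  - get
- resources:
  - daemonsets
  - deployments
  - replicasets
  - statefulsets
  apiGroups:
  - apps
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Narrower than the other rules: no get, update, delete or watch.
- resources:
  - cronjobs
  apiGroups:
  - batch
  verbs:
  - create
  - list
  - patch
- resources:
  - persistence
  apiGroups:
  - edge.ncr.com
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - externalsecrets
  apiGroups:
  - external-secrets.io
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - mappings
  apiGroups:
  - getambassador.io
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - providers
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - providers/finalizers
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - update
- resources:
  - providers/status
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - get
  - patch
  - update
- resources:
  - servicemonitors
  apiGroups:
  - monitoring.coreos.com
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Write access to Linkerd Server/ServerAuthorization objects means the
# operator can change which peers are authorized to reach meshed ports.
- resources:
  - serverauthorizations
  - servers
  apiGroups:
  - policy.linkerd.io
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch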
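---
# Binds the edge-iam-clientctl ClusterRole to the `operator` ServiceAccount
# in namespace edge-iam. Being a ClusterRoleBinding, the grant is
# cluster-wide rather than limited to edge-iam.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: edge-iam-operator-clientctl
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
roleRef:
  name: edge-iam-clientctl
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
  namespace: edge-iam
  kind: ServiceAccount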
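---
# Binds the edge-iam-providerctl ClusterRole to the `operator` ServiceAccount
# in namespace edge-iam.
# NOTE(review): that role includes full access to core `secrets`; because
# this is a ClusterRoleBinding, the access covers every namespace. A
# RoleBinding per managed namespace referencing the same ClusterRole would
# narrow it, if the operator does not need cluster-wide reach.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: edge-iam-operator-providerctl
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
roleRef:
  name: edge-iam-providerctl
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
  namespace: edge-iam
  kind: ServiceAccount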
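---
# ConfigMap carrying the BSL base URL for edge-iam.
# `${bsl_endpoint}` is a placeholder, presumably substituted by the
# deployment tooling before apply; if it is applied unrendered the literal
# text becomes the URL.
# This object has no configmanagement.gke.io/cluster-selector annotation,
# unlike the other objects in this file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bsl-hack
  namespace: edge-iam
  labels:
    platform.edge.ncr.com/component: edge-iam
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
data:
  IAM_BSL_BASE_URL: ${bsl_endpoint}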
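---
# Opaque Secret with the Okta client ID, client secret and issuer for
# edge-iam.
# NOTE(review): `data` values are base64-encoded, not encrypted, so anyone
# who can read this manifest can recover the credentials. Treat them as
# exposed: rotate them at the identity provider and source this Secret from
# a secret store rather than committing the values (the operator's
# ClusterRole in this file already has access to external-secrets.io
# ExternalSecret objects).
apiVersion: v1
kind: Secret
metadata:
  name: okta-secret
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
type: Opaque
data:
  OKTA_CLIENT_ID: MG9hN25oM3I5eUZjWElySDUxZDc=
  OKTA_CLIENT_SECRET: alpnU25OMG1xVmFyRF96b25ZVTFlOXhaTlR4YzNOaE9TNW9rZDdtRQ==
  OKTA_ISSUER: aHR0cHM6Ly9jb21tZXJjZS1kZXYub2t0YXByZXZpZXcuY29tL29hdXRoMi9kZWZhdWx0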
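---
# Opaque Secret holding the ID and secret of the `verify` Client, which
# references it through `secretName: verify-creds`.
# NOTE(review): the values are only base64-encoded, so this manifest
# discloses a working client credential for a client that is allowed the
# client_credentials and password grants. Rotate it and deliver it from a
# secret store instead of committing it.
apiVersion: v1
kind: Secret
metadata:
  name: verify-creds
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
type: Opaque
data:
  client_id: ZGQyZTk1MDctYTVmOS00ZmRlLTllZDktM2UxMTQzNGVhYmUz
  client_secret: SVJCY00zMkF0NUEtbGlnM35xejluMjlDaHk=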
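---
# Deployment of the edge-iam operator: one replica, running as the
# `operator` ServiceAccount, which this file binds to two ClusterRoles.
# The only change from the published manifest is the container
# securityContext; everything else is unchanged.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: operator
  labels:
    app.kubernetes.io/name: operator
    app.kubernetes.io/part-of: edge-iam
    platform.edge.ncr.com/component: edge-iam-operator
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  replicas: 1
  selector:
    matchLabels:
      platform.edge.ncr.com/component: edge-iam-operator
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: edge-iam-operator
      annotations:
        configmanagement.gke.io/cluster-selector: not-dsds-cluster
        pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
        pallet.edge.ncr.com/name: edge-iam
        pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
        pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
    spec:
      serviceAccountName: operator
      containers:
      - name: edge-iam-operator
        # Pinned by digest, so the running image cannot change under the
        # same reference.
        image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/edge-iam-operator@sha256:83f2362fafc2785b6cbf991d0a4df00ade78cab602c3569abfd66d621cb63b15
        ports:
        - name: http
          protocol: TCP
          containerPort: 8082
        env:
        - name: IAM_MODE
          value: release
        - name: IAM_REDIS_ADDRESS
          value: store-redis:6379
        # NOTE(review): CouchDB is addressed over plain http while the
        # credentials below are sent to it; confirm this hop is protected
        # by the service mesh or switch to https.
        - name: IAM_COUCHDB_ADDRESS
          value: http://data-sync-couchdb-0.data-sync-couchdb.data-sync-couchdb.svc.cluster.local:5984
        # CouchDB credentials come from the iam-store-user Secret, which is
        # not defined in this file.
        - name: IAM_COUCHDB_USER
          valueFrom:
            secretKeyRef:
              name: iam-store-user
              key: username
        - name: IAM_COUCHDB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: iam-store-user
              key: password
        # NOTE(review): only a CPU limit is set; there are no requests and
        # no memory limit, so the pod is not protected against memory
        # exhaustion. Add values from observed usage.
        resources:
          limits:
            cpu: "100m"
        imagePullPolicy: Always
        # Baseline hardening for a process that holds cluster-wide RBAC: it
        # listens on an unprivileged port (8082), so it runs without
        # privilege escalation, with all Linux capabilities dropped and the
        # runtime's default seccomp profile.
        # NOTE(review): also set runAsNonRoot and readOnlyRootFilesystem
        # once the image's user and write paths are confirmed.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
      imagePullSecrets:
      - name: edge-docker-pull-secret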
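---
# CouchDBDatabase `iam-accounts` on the store-server CouchDB in namespace
# data-sync-couchdb. Database membership is limited to the iam-store-user
# user and the replication-user role.
# NOTE(review): `names` and `roles` are placed under `security.members`
# following the field order of the flattened listing; confirm against the
# CouchDBDatabase schema.
apiVersion: datasync.edge.ncr.com/v1alpha1
kind: CouchDBDatabase
metadata:
  name: iam-accounts
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  name: iam-accounts
  security:
    members:
      names:
      - iam-store-user
      roles:
      - replication-user
  serverRef:
    name: store-server
    namespace: data-sync-couchdb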
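---
# CouchDBUser `iam-store-user` on the store-server CouchDB, with the
# replication-user role. The operator Deployment reads a Secret of the same
# name for its CouchDB username and password.
# NOTE(review): `roles` is placed under `spec.user` following the field
# order of the flattened listing; confirm against the CouchDBUser schema.
apiVersion: datasync.edge.ncr.com/v1alpha1
kind: CouchDBUser
metadata:
  name: iam-store-user
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  serverRef:
    name: store-server
    namespace: data-sync-couchdb
  user:
    name: iam-store-user
    roles:
    - replication-user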
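---
# Client registration `verify` (display name "Verifier") in namespace
# edge-iam. Its ID and secret come from the verify-creds Secret.
apiVersion: iam.edge-infra.dev/v1alpha1
kind: Client
metadata:
  name: verify
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  clientName: Verifier
  # NOTE(review): all five grant types are enabled, the maximum the CRD
  # allows. `password` is the resource owner password credentials grant,
  # which the OAuth 2.0 Security BCP (RFC 9700) says must not be used;
  # keep only the grants this client actually exercises.
  grantTypes:
  - barcode
  - refresh_token
  - authorization_code
  - password
  - client_credentials
  # Both callback URIs are plain-http loopback addresses on port 8088.
  # NOTE(review): acceptable only if the verifier runs on the same host as
  # the browser; confirm this registration is not shipped to production.
  printBarcodeUri: http://localhost:8088/verify/print-barcode
  redirectUris:
  - http://localhost:8088/verify/callback
  responseModes:
  - query
  responseTypes:
  - code
  # `offline_access` contains `_`, which the CRD's scope pattern does not
  # list; it passes only because that pattern is unanchored.
  scope: openid profile offline offline_access
  secretName: verify-creds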
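---
# PodMonitor that scrapes /metrics every 60s from the `http` port of pods
# labelled platform.edge.ncr.com/component=edge-iam-operator.
# `http` is the only port the operator Deployment declares (8082), so
# metrics share a listener with whatever else the operator serves there.
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: edge-iam-operator-monitoring
  namespace: edge-iam
  labels:
    app.kubernetes.io/name: operator
    app.kubernetes.io/part-of: edge-iam
    platform.edge.ncr.com/component: edge-iam-operator
  annotations:
    configmanagement.gke.io/cluster-selector: not-dsds-cluster
    # Newline-separated metric names; presumably an allow-list applied by
    # the platform's monitoring pipeline.
    monitoring.edge.ncr.com/allowed-metrics: |
      workqueue_retries_total
      controller_runtime_reconcile_total
      controller_runtime_reconcile_errors_total
      controller_runtime_reconcile_time_seconds
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  selector:
    matchLabels:
      platform.edge.ncr.com/component: edge-iam-operator
  podMetricsEndpoints:
  - port: http
    interval: 60s
    path: /metrics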