apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clients.iam.edge-infra.dev annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster controller-gen.kubebuilder.io/version: (unknown) pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} spec: group: iam.edge-infra.dev names: kind: Client listKind: ClientList plural: clients singular: client scope: Namespaced versions: - name: v1alpha1 additionalPrinterColumns: - name: Reason type: string jsonPath: .status.conditions[0].reason - name: Message type: string jsonPath: .status.conditions[0].message - name: Age type: date jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object description: Client is the Schema for the clients API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ClientSpec defines the desired state of Client properties: audience: type: array description: Audience is a whitelist defining the audiences this client is allowed to request tokens for items: type: string clientName: type: string description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization. grantTypes: type: array description: GrantTypes is an array of grant types the client is allowed to use. items: type: string maxItems: 5 minItems: 1 printBarcodeTypes: type: array description: PrintBarcodeTypes is an array that tells Edge-ID about client's printing capabilities. items: type: string maxItems: 2 printBarcodeUri: type: string description: PrintBarcodeURI is the redirect URI of the client where print barcode is handled. redirectUris: type: array description: RedirectURIs is an array of the redirect URIs allowed for the application items: type: string responseModes: type: array description: ResponseModes is an array of response modes that client is allowed to send items: type: string maxItems: 3 minItems: 0 responseTypes: type: array description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint. items: type: string maxItems: 3 minItems: 1 roles: type: array description: Roles is an array of roles the client has. items: type: string maxItems: 100 minItems: 0 scope: type: string description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens. pattern: ([a-zA-Z0-9\.\*]+\s?)+ secretName: type: string description: SecretName points to the K8s secret that contains this client's ID and password maxLength: 253 minLength: 1 pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' required: - grantTypes - secretName status: type: object description: ClientStatus defines the observed state of Client properties: conditions: type: array description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' items: type: object description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: type: type: string description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ status: type: string description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown lastTransitionTime: type: string description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time message: type: string description: message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 observedGeneration: type: integer description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 reason: type: string description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ required: - lastTransitionTime - message - reason - status - type reconciliationError: type: object description: ReconciliationError represents an error that occurred during the reconciliation process properties: description: type: string description: Description is the description of the reconciliation error statusCode: type: string description: Code is the status code of the reconciliation error served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: providers.iam.edge-infra.dev annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster controller-gen.kubebuilder.io/version: (unknown) pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} spec: group: iam.edge-infra.dev names: kind: Provider listKind: ProviderList plural: providers singular: provider scope: Namespaced versions: - name: v1alpha1 additionalPrinterColumns: - name: Target type: string jsonPath: .spec.target - name: Age type: date jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object description: Provider is the Schema for the providers API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ProviderSpec defines the desired state of Provider properties: barcode: type: object description: Barcode contains the configuration that Barcode login method should have properties: expire: type: string role: type: boolean description: checks if the user has the permission to print barcode ff: type: object additionalProperties: type: boolean description: FF contains the launchdarkly feature flags defaults that should be enabled issuer: type: string description: "Issuer sets the value of the `iss`-claim (issuer) that is minted in our tokens Recommended is to use the URL of the authorization server, i.e. https://iam.store.ncr.corp If this claim does not contain a URL (some other kind of identifier) or it cannot be resolved on that URL, the client will need to configure a separate URL. \n Workloads running inside the cluster require this change as the external addr1ess, https://iam.store.ncr.corp cannot be resolved in the cluster. \n Should not contain trailing '/'" okta: type: object description: okta field contains authurl as well as cred secret name properties: credsSecretName: type: string required: - credsSecretName pin: type: object description: PIN contains the configuration that PIN login method should have properties: attempts: type: integer maximum: 5 minimum: 3 expire: type: string history: type: integer maximum: 5 minimum: 3 length: type: integer profile: type: object description: Profile contains the configuration of profile properties: expire: type: string target: type: string description: 'Target sets the type of environment this provider targets, options: gcp, sds' status: type: object description: ProviderStatus defines the observed state of Provider properties: conditions: type: array items: type: object description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: type: type: string description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ status: type: string description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown lastTransitionTime: type: string description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time message: type: string description: message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 observedGeneration: type: integer description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 reason: type: string description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ required: - lastTransitionTime - message - reason - status - type served: true storage: true subresources: status: {} --- apiVersion: v1 kind: ServiceAccount metadata: name: operator namespace: edge-iam annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-iam-clientctl annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} rules: - resources: - clients apiGroups: - iam.edge-infra.dev verbs: - create - delete - get - list - patch - update - watch - resources: - clients/finalizers apiGroups: - iam.edge-infra.dev verbs: - update - resources: - clients/status apiGroups: - iam.edge-infra.dev verbs: - get - patch - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: edge-iam-providerctl annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} rules: - resources: - configmaps - namespaces - pods - secrets - serviceaccounts - services apiGroups: - "" verbs: - create - delete - get - list - patch - update - watch - resources: - namespaces/status - services/status apiGroups: - "" verbs: - get - resources: - daemonsets - deployments - replicasets - statefulsets apiGroups: - apps verbs: - create - delete - get - list - patch - update - watch - resources: - cronjobs apiGroups: - batch verbs: - create - list - patch - resources: - persistence apiGroups: - edge.ncr.com verbs: - create - get - list - patch - update - watch - resources: - externalsecrets apiGroups: - external-secrets.io verbs: - create - get - list - patch - update - watch - resources: - mappings apiGroups: - getambassador.io verbs: - create - delete - get - list - patch - update - watch - resources: - providers apiGroups: - iam.edge-infra.dev verbs: - create - delete - get - list - patch - update - watch - resources: - providers/finalizers apiGroups: - iam.edge-infra.dev verbs: - update - resources: - providers/status apiGroups: - iam.edge-infra.dev verbs: - get - patch - update - resources: - servicemonitors apiGroups: - monitoring.coreos.com verbs: - create - delete - get - list - patch - update - watch - resources: - serverauthorizations - servers apiGroups: - policy.linkerd.io verbs: - create - delete - get - list - patch - update - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: edge-iam-operator-clientctl annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} roleRef: name: edge-iam-clientctl kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: operator namespace: edge-iam kind: ServiceAccount --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: edge-iam-operator-providerctl annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} roleRef: name: edge-iam-providerctl kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: operator namespace: edge-iam kind: ServiceAccount --- apiVersion: v1 kind: ConfigMap metadata: name: bsl-hack namespace: edge-iam labels: platform.edge.ncr.com/component: edge-iam annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a data: IAM_BSL_BASE_URL: ${bsl_endpoint} --- apiVersion: v1 kind: Secret metadata: name: okta-secret namespace: edge-iam annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} type: Opaque data: OKTA_CLIENT_ID: MG9hN25oM3I5eUZjWElySDUxZDc= OKTA_CLIENT_SECRET: alpnU25OMG1xVmFyRF96b25ZVTFlOXhaTlR4YzNOaE9TNW9rZDdtRQ== OKTA_ISSUER: aHR0cHM6Ly9jb21tZXJjZS1kZXYub2t0YXByZXZpZXcuY29tL29hdXRoMi9kZWZhdWx0 --- apiVersion: v1 kind: Secret metadata: name: verify-creds namespace: edge-iam annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} type: Opaque data: client_id: ZGQyZTk1MDctYTVmOS00ZmRlLTllZDktM2UxMTQzNGVhYmUz client_secret: SVJCY00zMkF0NUEtbGlnM35xejluMjlDaHk= --- apiVersion: apps/v1 kind: Deployment metadata: name: operator labels: app.kubernetes.io/name: operator app.kubernetes.io/part-of: edge-iam platform.edge.ncr.com/component: edge-iam-operator namespace: edge-iam annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: replicas: 1 selector: matchLabels: platform.edge.ncr.com/component: edge-iam-operator template: metadata: labels: platform.edge.ncr.com/component: edge-iam-operator annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: serviceAccountName: operator containers: - name: edge-iam-operator image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/edge-iam-operator@sha256:83f2362fafc2785b6cbf991d0a4df00ade78cab602c3569abfd66d621cb63b15 ports: - name: http protocol: TCP containerPort: 8082 env: - name: IAM_MODE value: release - name: IAM_REDIS_ADDRESS value: store-redis:6379 - name: IAM_COUCHDB_ADDRESS value: http://data-sync-couchdb-0.data-sync-couchdb.data-sync-couchdb.svc.cluster.local:5984 - name: IAM_COUCHDB_USER valueFrom: secretKeyRef: name: iam-store-user key: username - name: IAM_COUCHDB_PASSWORD valueFrom: secretKeyRef: name: iam-store-user key: password resources: limits: cpu: "100m" imagePullPolicy: Always imagePullSecrets: - name: edge-docker-pull-secret --- apiVersion: datasync.edge.ncr.com/v1alpha1 kind: CouchDBDatabase metadata: name: iam-accounts namespace: edge-iam annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} spec: name: iam-accounts security: members: names: - iam-store-user roles: - replication-user serverRef: name: store-server namespace: data-sync-couchdb --- apiVersion: datasync.edge.ncr.com/v1alpha1 kind: CouchDBUser metadata: name: iam-store-user namespace: edge-iam annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} spec: serverRef: name: store-server namespace: data-sync-couchdb user: name: iam-store-user roles: - replication-user --- apiVersion: iam.edge-infra.dev/v1alpha1 kind: Client metadata: name: verify namespace: edge-iam annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} spec: clientName: Verifier grantTypes: - barcode - refresh_token - authorization_code - password - client_credentials printBarcodeUri: http://localhost:8088/verify/print-barcode redirectUris: - http://localhost:8088/verify/callback responseModes: - query responseTypes: - code scope: openid profile offline offline_access secretName: verify-creds --- apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: edge-iam-operator-monitoring namespace: edge-iam labels: app.kubernetes.io/name: operator app.kubernetes.io/part-of: edge-iam platform.edge.ncr.com/component: edge-iam-operator annotations: configmanagement.gke.io/cluster-selector: not-dsds-cluster monitoring.edge.ncr.com/allowed-metrics: | workqueue_retries_total controller_runtime_reconcile_total controller_runtime_reconcile_errors_total controller_runtime_reconcile_time_seconds pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: selector: matchLabels: platform.edge.ncr.com/component: edge-iam-operator podMetricsEndpoints: - port: http interval: 60s path: /metrics