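---
# CustomResourceDefinition for the namespaced `Client` kind
# (group iam.edge-infra.dev, version v1alpha1): the OAuth 2.0 client
# registration object. The controller-gen annotation indicates this schema is
# generated, so any validation change made here also belongs in the source
# type markers or it will be lost on regeneration.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: clients.iam.edge-infra.dev
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    controller-gen.kubebuilder.io/version: (unknown)
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  group: iam.edge-infra.dev
  names:
    kind: Client
    listKind: ClientList
    plural: clients
    singular: client
  scope: Namespaced
  versions:
  - name: v1alpha1
    additionalPrinterColumns:
    - name: Reason
      type: string
      jsonPath: .status.conditions[0].reason
    - name: Message
      type: string
      jsonPath: .status.conditions[0].message
    - name: Age
      type: date
      jsonPath: .metadata.creationTimestamp
    schema:
      openAPIV3Schema:
        type: object
        description: Client is the Schema for the clients API
        properties:
          apiVersion:
            type: string
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          kind:
            type: string
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          metadata:
            type: object
          spec:
            type: object
            description: ClientSpec defines the desired state of Client
            properties:
              audience:
                type: array
                description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
                items:
                  type: string
              clientName:
                type: string
                description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
              # NOTE(review): items are free-form strings with no enum, so the
              # schema does not restrict which grant types can be requested;
              # presumably the operator checks them — confirm.
              grantTypes:
                type: array
                description: GrantTypes is an array of grant types the client is allowed to use.
                items:
                  type: string
                maxItems: 5
                minItems: 1
              printBarcodeTypes:
                type: array
                description: PrintBarcodeTypes is an array that tells Edge-ID about client's printing capabilities.
                items:
                  type: string
                maxItems: 2
              printBarcodeUri:
                type: string
                description: PrintBarcodeURI is the redirect URI of the client where print barcode is handled.
              # NOTE(review): no format, pattern or maxItems on redirect URIs.
              # Scheme checks and exact-match comparison have to happen in the
              # authorization server; nothing here rejects a malformed or
              # wildcard value at admission time.
              redirectUris:
                type: array
                description: RedirectURIs is an array of the redirect URIs allowed for the application
                items:
                  type: string
              responseModes:
                type: array
                description: ResponseModes is an array of response modes that client is allowed to send
                items:
                  type: string
                maxItems: 3
                minItems: 0
              responseTypes:
                type: array
                description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
                items:
                  type: string
                maxItems: 3
                minItems: 1
              roles:
                type: array
                description: Roles is an array of roles the client has.
                items:
                  type: string
                maxItems: 100
                minItems: 0
              # NOTE(review): this pattern has no ^...$ anchors. CRD patterns
              # are matched as a search, so any string containing one allowed
              # character passes. The `verify` Client in this manifest relies
              # on that: its scope `offline_access` contains `_`, which the
              # character class does not include. Anchoring is the right fix
              # but needs the class widened to every character real scopes
              # use, so it is left unchanged here.
              scope:
                type: string
                description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
                pattern: ([a-zA-Z0-9\.\*]+\s?)+
              # Anchored so the whole value must be a DNS-1123 subdomain (the
              # format Secret names already have to satisfy). Unanchored, the
              # pattern accepted any string containing a single [a-z0-9].
              secretName:
                type: string
                description: SecretName points to the K8s secret that contains this client's ID and password
                maxLength: 253
                minLength: 1
                pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
            required:
            - grantTypes
            - secretName
          status:
            type: object
            description: ClientStatus defines the observed state of Client
            properties:
              conditions:
                type: array
                description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
                items:
                  type: object
                  description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    type:
                      type: string
                      description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                    status:
                      type: string
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                    lastTransitionTime:
                      type: string
                      description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                    message:
                      type: string
                      description: message is a human readable message indicating details about the transition. This may be an empty string.
                      maxLength: 32768
                    observedGeneration:
                      type: integer
                      description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                    reason:
                      type: string
                      description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
              reconciliationError:
                type: object
                description: ReconciliationError represents an error that occurred during the reconciliation process
                properties:
                  description:
                    type: string
                    description: Description is the description of the reconciliation error
                  statusCode:
                    type: string
                    description: Code is the status code of the reconciliation error
    served: true
    storage: true
    subresources:
      status: {}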
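---
# CustomResourceDefinition for the namespaced `Provider` kind
# (group iam.edge-infra.dev, version v1alpha1): configuration of the identity
# provider, including its PIN, barcode and Okta login settings. The
# controller-gen annotation indicates the schema is generated, so validation
# changes belong in the source type markers as well.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: providers.iam.edge-infra.dev
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    controller-gen.kubebuilder.io/version: (unknown)
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  group: iam.edge-infra.dev
  names:
    kind: Provider
    listKind: ProviderList
    plural: providers
    singular: provider
  scope: Namespaced
  versions:
  - name: v1alpha1
    additionalPrinterColumns:
    - name: Target
      type: string
      jsonPath: .spec.target
    - name: Age
      type: date
      jsonPath: .metadata.creationTimestamp
    schema:
      openAPIV3Schema:
        type: object
        description: Provider is the Schema for the providers API
        properties:
          apiVersion:
            type: string
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          kind:
            type: string
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          metadata:
            type: object
          # NOTE(review): the spec declares no `required` list, so an empty
          # Provider passes admission and every login setting falls back to
          # whatever the operator defaults to — confirm those defaults.
          spec:
            type: object
            description: ProviderSpec defines the desired state of Provider
            properties:
              barcode:
                type: object
                description: Barcode contains the configuration that Barcode login method should have
                properties:
                  # NOTE(review): `expire` is an unconstrained string here and
                  # under pin/profile; the schema sets no upper bound on a
                  # credential lifetime.
                  expire:
                    type: string
                  role:
                    type: boolean
                    description: checks if the user has the permission to print barcode
              ff:
                type: object
                additionalProperties:
                  type: boolean
                description: FF contains the launchdarkly feature flags defaults that should be enabled
              # NOTE(review): no format or pattern on the issuer, although the
              # description says it should be a URL without a trailing '/'.
              issuer:
                type: string
                description: "Issuer sets the value of the `iss`-claim (issuer) that is minted in our tokens Recommended is to use the URL of the authorization server, i.e. https://iam.store.ncr.corp If this claim does not contain a URL (some other kind of identifier) or it cannot be resolved on that URL, the client will need to configure a separate URL. \n Workloads running inside the cluster require this change as the external addr1ess, https://iam.store.ncr.corp cannot be resolved in the cluster. \n Should not contain trailing '/'"
              okta:
                type: object
                description: okta field contains authurl as well as cred secret name
                properties:
                  credsSecretName:
                    type: string
                required:
                - credsSecretName
              pin:
                type: object
                description: PIN contains the configuration that PIN login method should have
                properties:
                  attempts:
                    type: integer
                    maximum: 5
                    minimum: 3
                  expire:
                    type: string
                  history:
                    type: integer
                    maximum: 5
                    minimum: 3
                  # NOTE(review): unlike attempts/history, `length` has no
                  # minimum or maximum, so the schema accepts 0, 1 or a
                  # negative PIN length. A lower bound belongs here once the
                  # intended policy is confirmed.
                  length:
                    type: integer
              profile:
                type: object
                description: Profile contains the configuration of profile
                properties:
                  expire:
                    type: string
              # NOTE(review): the description lists two options but there is
              # no enum, so any string is admitted.
              target:
                type: string
                description: 'Target sets the type of environment this provider targets, options: gcp, sds'
          status:
            type: object
            description: ProviderStatus defines the observed state of Provider
            properties:
              conditions:
                type: array
                items:
                  type: object
                  description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    type:
                      type: string
                      description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                    status:
                      type: string
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                    lastTransitionTime:
                      type: string
                      description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                    message:
                      type: string
                      description: message is a human readable message indicating details about the transition. This may be an empty string.
                      maxLength: 32768
                    observedGeneration:
                      type: integer
                      description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                    reason:
                      type: string
                      description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
    served: true
    storage: true
    subresources:
      status: {}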
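---
# Identity the edge-iam operator Deployment runs as. Both
# edge-iam-operator-clientctl and edge-iam-operator-providerctl
# ClusterRoleBindings in this manifest name it as their subject, so its token
# carries cluster-wide permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: operator
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}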
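---
# Namespaced Role in edge-iam, bound by the `datasyncinit` RoleBinding to the
# touchpoint-provider ServiceAccount. Grants read access to secrets, pods and
# replicasets and read/write access to the datasync CouchDB custom resources.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: datasyncinit
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
# NOTE(review): `get` with no resourceNames covers every Secret in edge-iam,
# not only "the secret created by your application" — that includes
# verify-creds and iam-store-user, which this manifest also places or
# references in the namespace. Adding a `resourceNames` list with the one
# secret actually needed would narrow the rule to it.
- resources:  # needed to access the secret created by your application
  - secrets
  apiGroups:
  - ""
  verbs:
  - get
- resources:
  - pods
  apiGroups:
  - ""
  verbs:
  - get
  - list
  - watch
- resources:
  - replicasets
  apiGroups:
  - apps
  verbs:
  - get
  - list
  - watch
- resources:
  - couchdbusers
  - couchdbdatabases
  - couchdbreplicationsets
  apiGroups:
  - datasync.edge.ncr.com
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - couchdbusers/status
  apiGroups:
  - datasync.edge.ncr.com
  verbs:
  - get
  - watch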
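---
# Cluster-wide permissions for reconciling `Client` resources: full CRUD on
# clients, update on their finalizers and read/write on their status
# subresource. Bound to edge-iam/operator by edge-iam-operator-clientctl.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: edge-iam-clientctl
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
- resources:
  - clients
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - clients/finalizers
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - update
- resources:
  - clients/status
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - get
  - patch
  - update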
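---
# Read-only cluster-wide access to nodes and to datasync CouchDBServer
# resources. Bound to edge-iam/touchpoint-provider by the
# edge-iam-datasyncinit ClusterRoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: edge-iam-datasyncinit
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
- resources:
  - nodes
  apiGroups:
  - ""
  verbs:
  - get
  - list
  - watch
- resources:
  - couchdbservers
  apiGroups:
  - datasync.edge.ncr.com
  verbs:
  - get
  - list
  - watch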
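---
# Cluster-wide permissions for reconciling `Provider` resources and the
# workloads the operator creates for them. Bound to edge-iam/operator by the
# edge-iam-operator-providerctl ClusterRoleBinding.
#
# NOTE(review): because the binding is a ClusterRoleBinding, every rule below
# applies in all namespaces. The first rule alone gives the operator's token
# read/write on every Secret in the cluster and the right to create pods,
# service accounts and (third rule) workload controllers anywhere, which
# together amount to near cluster-admin reach for whoever holds that token.
# If the operator only manages a known set of namespaces, binding this role
# with per-namespace RoleBindings instead, and moving `secrets` into its own
# rule with only the verbs it needs, would cut the blast radius considerably.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: edge-iam-providerctl
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
# Core resources, full CRUD. `secrets` and `namespaces` share the same verb
# set as configmaps and services; see the header note.
- resources:
  - configmaps
  - namespaces
  - pods
  - secrets
  - serviceaccounts
  - services
  apiGroups:
  - ""
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - namespaces/status
  - services/status
  apiGroups:
  - ""
  verbs:
  - get
- resources:
  - daemonsets
  - deployments
  - replicasets
  - statefulsets
  apiGroups:
  - apps
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - cronjobs
  apiGroups:
  - batch
  verbs:
  - create
  - list
  - patch
- resources:
  - persistence
  apiGroups:
  - edge.ncr.com
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - externalsecrets
  apiGroups:
  - external-secrets.io
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - mappings
  apiGroups:
  - getambassador.io
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - providers
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - providers/finalizers
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - update
- resources:
  - providers/status
  apiGroups:
  - iam.edge-infra.dev
  verbs:
  - get
  - patch
  - update
- resources:
  - servicemonitors
  apiGroups:
  - monitoring.coreos.com
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Write access to Linkerd authorization policy: the operator can change which
# peers are allowed to reach meshed servers.
- resources:
  - serverauthorizations
  - servers
  apiGroups:
  - policy.linkerd.io
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch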
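---
# Grants the namespaced `datasyncinit` Role to the touchpoint-provider
# ServiceAccount in edge-iam.
#
# NOTE(review): this manifest declares only the `operator` ServiceAccount;
# touchpoint-provider is presumably created elsewhere (possibly by the
# operator) — confirm. A binding to a ServiceAccount that does not exist yet
# takes effect for whoever is able to create one with that name in edge-iam.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: datasyncinit
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
roleRef:
  name: datasyncinit
  kind: Role
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: touchpoint-provider
  namespace: edge-iam
  kind: ServiceAccount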
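---
# Grants the edge-iam-datasyncinit ClusterRole (read-only nodes and
# couchdbservers) cluster-wide to the touchpoint-provider ServiceAccount in
# edge-iam. That ServiceAccount is not declared in this manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: edge-iam-datasyncinit
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
roleRef:
  name: edge-iam-datasyncinit
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: touchpoint-provider
  namespace: edge-iam
  kind: ServiceAccount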
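---
# Grants the edge-iam-clientctl ClusterRole cluster-wide to the
# edge-iam/operator ServiceAccount, so the operator can reconcile `Client`
# resources in any namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: edge-iam-operator-clientctl
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
roleRef:
  name: edge-iam-clientctl
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
  namespace: edge-iam
  kind: ServiceAccount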
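---
# Grants the edge-iam-providerctl ClusterRole cluster-wide to the
# edge-iam/operator ServiceAccount.
#
# NOTE(review): this is the binding that turns providerctl's secrets, pods
# and workload-controller rules into all-namespace permissions. If the
# operator's managed namespaces are known, namespaced RoleBindings that
# reference the same ClusterRole would confine it to those namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: edge-iam-operator-providerctl
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
roleRef:
  name: edge-iam-providerctl
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
  namespace: edge-iam
  kind: ServiceAccount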
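---
# ConfigMap carrying the BSL base URL for edge-iam. The value is a
# `${bsl_endpoint}` placeholder, so it is filled in by a substitution step
# before the manifest is applied.
#
# NOTE(review): unlike the other objects in this manifest, this one has no
# configmanagement.gke.io/cluster-selector annotation — confirm that is
# intentional.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bsl-hack
  namespace: edge-iam
  labels:
    platform.edge.ncr.com/component: edge-iam
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
data:
  # Quoted so the substituted value always stays a string: an empty or
  # boolean/number-looking expansion would otherwise be retyped by the YAML
  # parser and rejected, since ConfigMap data values must be strings.
  IAM_BSL_BASE_URL: "${bsl_endpoint}"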
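---
# OAuth client ID and secret for the `verify` Client, which references this
# object through spec.secretName.
#
# NOTE(review): the credential is committed inline. `data` values are only
# base64-encoded, not encrypted, so anyone who can read this manifest, the
# repository revision named in the annotations, or a published copy of it
# holds the client's credentials. Treat this pair as exposed: rotate it, and
# deliver the replacement from a secret store at deploy time rather than in
# the manifest. The operator's ClusterRole already covers
# external-secrets.io/externalsecrets, which suggests that mechanism is
# available in the cluster — confirm.
apiVersion: v1
kind: Secret
metadata:
  name: verify-creds
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
type: Opaque
data:
  client_id: ZGQyZTk1MDctYTVmOS00ZmRlLTllZDktM2UxMTQzNGVhYmUz
  client_secret: SVJCY00zMkF0NUEtbGlnM35xejluMjlDaHk=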
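---
# Single-replica Deployment of the edge-iam operator. It runs as the
# `operator` ServiceAccount (cluster-wide RBAC through the two
# edge-iam-operator-* ClusterRoleBindings), is pinned to nodes of class
# `server`, and reads its CouchDB credentials from the iam-store-user Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: operator
  labels:
    app.kubernetes.io/name: operator
    app.kubernetes.io/part-of: edge-iam
    platform.edge.ncr.com/component: edge-iam-operator
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  replicas: 1
  selector:
    matchLabels:
      platform.edge.ncr.com/component: edge-iam-operator
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: edge-iam-operator
      annotations:
        configmanagement.gke.io/cluster-selector: dsds-cluster
        pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
        pallet.edge.ncr.com/name: edge-iam
        pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
        pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
    spec:
      serviceAccountName: operator
      containers:
      - name: edge-iam-operator
        # Pinned by digest, so the running image cannot change under a tag.
        image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/edge-iam-operator@sha256:83f2362fafc2785b6cbf991d0a4df00ade78cab602c3569abfd66d621cb63b15
        ports:
        - name: http
          protocol: TCP
          containerPort: 8082
        env:
        - name: IAM_MODE
          value: release
        # NOTE(review): no credential or TLS setting for Redis appears in
        # this spec — confirm the store-redis endpoint is not reachable by
        # other workloads.
        - name: IAM_REDIS_ADDRESS
          value: store-redis:6379
        # NOTE(review): plain http:// to CouchDB, so the username/password
        # below are not protected by TLS at the application layer. The
        # operator manages policy.linkerd.io resources, so mesh mTLS may
        # cover this hop — confirm this pod and CouchDB are both meshed.
        - name: IAM_COUCHDB_ADDRESS
          value: http://data-sync-couchdb-0.data-sync-couchdb.data-sync-couchdb.svc.cluster.local:5984
        - name: IAM_COUCHDB_USER
          valueFrom:
            secretKeyRef:
              name: iam-store-user
              key: username
        - name: IAM_COUCHDB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: iam-store-user
              key: password
        # NOTE(review): only a CPU limit is set. With no memory limit or
        # requests, a leak in the operator is bounded only by the node.
        resources:
          limits:
            cpu: "100m"
        imagePullPolicy: Always
        # This pod's token has cluster-wide secret and workload permissions,
        # so the container is restricted here: no privilege escalation, no
        # Linux capabilities (it listens on an unprivileged port, 8082), and
        # the runtime's default seccomp filter.
        # NOTE(review): `runAsNonRoot: true` and
        # `readOnlyRootFilesystem: true` are worth adding once the image's
        # user and write paths are confirmed.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
      imagePullSecrets:
      - name: edge-docker-pull-secret
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: node.ncr.com/class
                operator: In
                values:
                - server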
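---
# Declares the `iam-accounts` CouchDB database on the store-server instance
# in the data-sync-couchdb namespace and lists who may access it.
# NOTE(review): the page lost the original indentation; `names` and `roles`
# are placed under `security.members` to match CouchDB's security object —
# confirm against the CouchDBDatabase CRD.
apiVersion: datasync.edge.ncr.com/v1alpha1
kind: CouchDBDatabase
metadata:
  name: iam-accounts
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  name: iam-accounts
  security:
    members:
      names:
      - iam-store-user
      # Membership by role: any CouchDB user holding `replication-user` is a
      # member of this database, not only iam-store-user.
      roles:
      - replication-user
  serverRef:
    name: store-server
    namespace: data-sync-couchdb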
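---
# Declares the CouchDB user `iam-store-user` on the store-server instance.
# The operator Deployment reads a Secret of the same name for
# IAM_COUCHDB_USER / IAM_COUCHDB_PASSWORD; presumably the datasync controller
# creates that Secret from this resource — confirm.
apiVersion: datasync.edge.ncr.com/v1alpha1
kind: CouchDBUser
metadata:
  name: iam-store-user
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  serverRef:
    name: store-server
    namespace: data-sync-couchdb
  user:
    name: iam-store-user
    roles:
    - replication-user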
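---
# Registers the `Verifier` OAuth client, whose ID and secret come from the
# verify-creds Secret in this manifest.
#
# NOTE(review): this registration is shipped with the release manifest yet
# reads like a local test client: every grant type the schema allows is
# enabled, and all URIs point at http://localhost:8088. Confirm it is meant
# to exist on the clusters selected by `dsds-cluster`.
apiVersion: iam.edge-infra.dev/v1alpha1
kind: Client
metadata:
  name: verify
  namespace: edge-iam
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
spec:
  clientName: Verifier
  # NOTE(review): `password` (resource owner password credentials) hands the
  # user's credentials to the client and is discouraged by current OAuth
  # security guidance; combined with `client_credentials` and
  # `refresh_token`, a holder of the committed client secret can obtain
  # long-lived tokens without user interaction. Keep only the grants the
  # verifier really uses.
  grantTypes:
  - barcode
  - refresh_token
  - authorization_code
  - password
  - client_credentials
  # Plain-HTTP loopback URIs: acceptable only if the verifier always runs on
  # the same host as the user's browser.
  printBarcodeUri: http://localhost:8088/verify/print-barcode
  redirectUris:
  - http://localhost:8088/verify/callback
  responseModes:
  - query
  responseTypes:
  - code
  # `offline_access` contains `_`, which the CRD's scope pattern does not
  # list; it is admitted only because that pattern is unanchored.
  scope: openid profile offline offline_access
  secretName: verify-creds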
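---
# Prometheus Operator PodMonitor that scrapes the operator pod's `http` port
# at /metrics every 60s. The allowed-metrics annotation lists the four
# controller metrics named for collection.
# NOTE(review): /metrics is served on the same `http` port (8082) declared by
# the Deployment; confirm the endpoint exposes nothing beyond metrics to
# in-cluster callers.
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: edge-iam-operator-monitoring
  namespace: edge-iam
  labels:
    app.kubernetes.io/name: operator
    app.kubernetes.io/part-of: edge-iam
    platform.edge.ncr.com/component: edge-iam-operator
  annotations:
    configmanagement.gke.io/cluster-selector: dsds-cluster
    monitoring.edge.ncr.com/allowed-metrics: |
      workqueue_retries_total
      controller_runtime_reconcile_total
      controller_runtime_reconcile_errors_total
      controller_runtime_reconcile_time_seconds
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-iam
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  selector:
    matchLabels:
      platform.edge.ncr.com/component: edge-iam-operator
  podMetricsEndpoints:
  - port: http
    interval: 60s
    path: /metrics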