1apiVersion: v1
2kind: Namespace
3metadata:
4 name: redpanda-system
5 labels:
6 control-plane: controller-manager
7 annotations:
8 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
9 pallet.edge.ncr.com/name: redpanda-system
10 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
11 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
12 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
13 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
14---
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 name: clusters.redpanda.vectorized.io
19 annotations:
20 controller-gen.kubebuilder.io/version: v0.4.1
21 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
22 pallet.edge.ncr.com/name: redpanda-system
23 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
24 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
25 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
26 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
27 labels: {}
28spec:
29 group: redpanda.vectorized.io
30 names:
31 kind: Cluster
32 listKind: ClusterList
33 plural: clusters
34 singular: cluster
35 scope: Namespaced
36 versions:
37 - name: v1alpha1
38 schema:
39 openAPIV3Schema:
40 type: object
41 description: Cluster is the Schema for the clusters API
42 properties:
43 apiVersion:
44 type: string
45 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
46 kind:
47 type: string
48 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
49 metadata:
50 type: object
51 spec:
52 type: object
53 description: ClusterSpec defines the desired state of Cluster
54 properties:
55 annotations:
56 type: object
57 additionalProperties:
58 type: string
59 description: If specified, Redpanda Pod annotations
60 replicas:
61 type: integer
62 description: Replicas determine how big the cluster will be.
63 format: int32
64 minimum: 0
65 nodeSelector:
66 type: object
67 additionalProperties:
68 type: string
69 description: If specified, Redpanda Pod node selectors. For reference please visit https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node
70 tolerations:
71 type: array
72 description: If specified, Redpanda Pod tolerations
73 items:
74 type: object
75 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
76 properties:
77 value:
78 type: string
79 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
80 effect:
81 type: string
82 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
83 key:
84 type: string
85 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
86 operator:
87 type: string
88 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
89 tolerationSeconds:
90 type: integer
91 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
92 format: int64
93 image:
94 type: string
95 description: Image is the fully qualified name of the Redpanda container
96 resources:
97 type: object
98 description: Resources used by redpanda process running in container. Beware that there are multiple containers running in the redpanda pod and these can be enabled/disabled and configured from the `sidecars` field. These containers have separate resources settings and the amount of resources assigned to these containers will be required on the cluster on top of the resources defined here
99 properties:
100 limits:
101 type: object
102 additionalProperties:
103 anyOf:
104 - type: integer
105 - type: string
106 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
107 x-kubernetes-int-or-string: true
108 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
109 redpanda:
110 type: object
111 additionalProperties:
112 anyOf:
113 - type: integer
114 - type: string
115 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
116 x-kubernetes-int-or-string: true
117 description: 'Redpanda describes the amount of compute resources passed to redpanda. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
118 requests:
119 type: object
120 additionalProperties:
121 anyOf:
122 - type: integer
123 - type: string
124 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
125 x-kubernetes-int-or-string: true
126 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
127 additionalConfiguration:
128 type: object
129 additionalProperties:
130 type: string
131 description: "For configuration parameters not exposed, a map can be provided for string values. Such values are passed transparently to Redpanda. The key format is \"<subsystem>.field\", e.g., \n additionalConfiguration: redpanda.enable_idempotence: \"true\" redpanda.default_topic_partitions: \"3\" pandaproxy_client.produce_batch_size_bytes: \"2097152\" \n Notes: 1. versioning is not supported for map keys 2. key names not supported by Redpanda will lead to failure on start up 3. updating this map requires a manual restart of the Redpanda pods. Please be aware of sync period when one Redpandais POD is restarted 4. cannot have keys that conflict with existing struct fields - it leads to panic \n By default if Replicas is 3 or more and redpanda.default_topic_partitions is not set default webhook is setting redpanda.default_topic_partitions to 3."
132 cloudStorage:
133 type: object
134 description: Cloud storage configuration for cluster
135 properties:
136 secretKeyRef:
137 type: object
138 description: 'Reference to (Kubernetes) Secret containing the cloud storage secret key. SecretKeyRef must contain the name and namespace of the Secret. The Secret must contain a data entry of the form: data[<SecretKeyRef.Name>] = <secret key>'
139 properties:
140 name:
141 type: string
142 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
143 namespace:
144 type: string
145 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
146 apiVersion:
147 type: string
148 description: API version of the referent.
149 kind:
150 type: string
151 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
152 fieldPath:
153 type: string
154 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
155 resourceVersion:
156 type: string
157 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
158 uid:
159 type: string
160 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
161 accessKey:
162 type: string
163 description: Cloud storage access key
164 apiEndpoint:
165 type: string
166 description: API endpoint for data storage
167 apiEndpointPort:
168 type: integer
169 description: Used to override TLS port (443)
170 bucket:
171 type: string
172 description: Cloud storage bucket
173 cacheStorage:
174 type: object
175 description: Cache directory that will be mounted for Redpanda
176 properties:
177 capacity:
178 anyOf:
179 - type: integer
180 - type: string
181 description: Storage capacity requested
182 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
183 x-kubernetes-int-or-string: true
184 storageClassName:
185 type: string
186 description: Storage class name - https://kubernetes.io/docs/concepts/storage/storage-classes/
187 credentialsSource:
188 type: string
189 description: Determines how to load credentials for archival storage. Supported values are config_file (default), aws_instance_metadata, sts, gcp_instance_metadata (see the cloud_storage_credentials_source property at https://docs.redpanda.com/docs/reference/cluster-properties/). When using config_file then accessKey and secretKeyRef are mandatory.
190 disableTLS:
191 type: boolean
192 description: Disable TLS (can be used in tests)
193 enabled:
194 type: boolean
195 description: Enables data archiving feature
196 maxConnections:
197 type: integer
198 description: Number of simultaneous uploads per shard (default - 20)
199 reconciliationIntervalMs:
200 type: integer
201 description: Reconciliation period (default - 10s)
202 region:
203 type: string
204 description: Cloud storage region
205 trustfile:
206 type: string
207 description: Path to certificate that should be used to validate server certificate
208 required:
209 - enabled
210 configuration:
211 type: object
212 description: Configuration represent redpanda specific configuration
213 properties:
214 adminApi:
215 type: array
216 items:
217 type: object
218 description: AdminAPI configures listener for the Redpanda Admin API
219 properties:
220 port:
221 type: integer
222 external:
223 type: object
224 description: External enables user to expose Redpanda admin API outside of a Kubernetes cluster. For more information please go to ExternalConnectivityConfig
225 properties:
226 subdomain:
227 type: string
228 description: Subdomain can be used to change the behavior of an advertised KafkaAPI. Each broker advertises Kafka API as follows ENDPOINT.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT. If Subdomain is empty then each broker advertises Kafka API as PUBLIC_NODE_IP:EXTERNAL_KAFKA_API_PORT. If TLS is enabled then this subdomain will be requested as a subject alternative name.
229 bootstrapLoadBalancer:
230 type: object
231 description: Configures a load balancer for bootstrapping
232 properties:
233 annotations:
234 type: object
235 additionalProperties:
236 type: string
237 description: If specified, sets the load balancer service annotations. Example usage includes configuring the load balancer to be an internal one through provider-specific annotations.
238 port:
239 type: integer
240 description: The port used to communicate to the load balancer.
241 enabled:
242 type: boolean
243 description: Enabled enables the external connectivity feature
244 endpointTemplate:
245 type: string
246 description: "EndpointTemplate is a Golang template string that allows customizing each broker advertised address. Redpanda uses the format BROKER_ID.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT by default for advertised addresses. When an EndpointTemplate is provided, then the BROKER_ID part is replaced with the endpoint computed from the template. The following variables are available to the template: - Index: the Redpanda broker progressive number - HostIP: the ip address of the Node, as reported in pod status \n Common template functions from Sprig (http://masterminds.github.io/sprig/) are also available. The set of available functions is limited to hermetic functions because template application needs to be deterministic."
247 preferredAddressType:
248 type: string
249 description: The preferred address type to be assigned to the external advertised addresses. The valid types are ExternalDNS, ExternalIP, InternalDNS, InternalIP, and Hostname. When the address of the preferred type is not found the advertised addresses remains empty. The default preferred address type is ExternalIP. This option only applies when Subdomain is empty.
250 tls:
251 type: object
252 description: Configuration of TLS for Admin API
253 properties:
254 enabled:
255 type: boolean
256 requireClientAuth:
257 type: boolean
258 autoCreateTopics:
259 type: boolean
260 description: Enable auto-creation of topics. Reference https://kafka.apache.org/documentation/#brokerconfigs_auto.create.topics.enable
261 developerMode:
262 type: boolean
263 groupTopicPartitions:
264 type: integer
265 description: Number of partitions in the internal group membership topic
266 kafkaApi:
267 type: array
268 items:
269 type: object
270 description: KafkaAPI configures listener for the Kafka API
271 properties:
272 port:
273 type: integer
274 authenticationMethod:
275 type: string
276 description: 'AuthenticationMethod can enable authentication method per Kafka listener. Available options are: none, sasl, mtls_identity. https://docs.redpanda.com/docs/security/authentication/'
277 external:
278 type: object
279 description: External enables user to expose Redpanda nodes outside of a Kubernetes cluster. For more information please go to ExternalConnectivityConfig
280 properties:
281 subdomain:
282 type: string
283 description: Subdomain can be used to change the behavior of an advertised KafkaAPI. Each broker advertises Kafka API as follows ENDPOINT.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT. If Subdomain is empty then each broker advertises Kafka API as PUBLIC_NODE_IP:EXTERNAL_KAFKA_API_PORT. If TLS is enabled then this subdomain will be requested as a subject alternative name.
284 bootstrapLoadBalancer:
285 type: object
286 description: Configures a load balancer for bootstrapping
287 properties:
288 annotations:
289 type: object
290 additionalProperties:
291 type: string
292 description: If specified, sets the load balancer service annotations. Example usage includes configuring the load balancer to be an internal one through provider-specific annotations.
293 port:
294 type: integer
295 description: The port used to communicate to the load balancer.
296 enabled:
297 type: boolean
298 description: Enabled enables the external connectivity feature
299 endpointTemplate:
300 type: string
301 description: "EndpointTemplate is a Golang template string that allows customizing each broker advertised address. Redpanda uses the format BROKER_ID.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT by default for advertised addresses. When an EndpointTemplate is provided, then the BROKER_ID part is replaced with the endpoint computed from the template. The following variables are available to the template: - Index: the Redpanda broker progressive number - HostIP: the ip address of the Node, as reported in pod status \n Common template functions from Sprig (http://masterminds.github.io/sprig/) are also available. The set of available functions is limited to hermetic functions because template application needs to be deterministic."
302 preferredAddressType:
303 type: string
304 description: The preferred address type to be assigned to the external advertised addresses. The valid types are ExternalDNS, ExternalIP, InternalDNS, InternalIP, and Hostname. When the address of the preferred type is not found the advertised addresses remains empty. The default preferred address type is ExternalIP. This option only applies when Subdomain is empty.
305 tls:
306 type: object
307 description: Configuration of TLS for Kafka API
308 properties:
309 enabled:
310 type: boolean
311 issuerRef:
312 type: object
313 description: References cert-manager Issuer or ClusterIssuer. When provided, this issuer will be used to issue node certificates. Typically you want to provide the issuer when a generated self-signed one is not enough and you need to have a verifiable chain with a proper CA certificate.
314 properties:
315 name:
316 type: string
317 description: Name of the resource being referred to.
318 kind:
319 type: string
320 description: Kind of the resource being referred to.
321 group:
322 type: string
323 description: Group of the resource being referred to.
324 required:
325 - name
326 nodeSecretRef:
327 type: object
328 description: 'If provided, operator uses certificate in this secret instead of issuing its own node certificate. The secret is expected to provide the following keys: ''ca.crt'', ''tls.key'' and ''tls.crt'' If NodeSecretRef points to secret in different namespace, operator will duplicate the secret to the same namespace as redpanda CRD to be able to mount it to the nodes'
329 properties:
330 name:
331 type: string
332 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
333 namespace:
334 type: string
335 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
336 apiVersion:
337 type: string
338 description: API version of the referent.
339 kind:
340 type: string
341 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
342 fieldPath:
343 type: string
344 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
345 resourceVersion:
346 type: string
347 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
348 uid:
349 type: string
350 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
351 requireClientAuth:
352 type: boolean
353 description: Enables two-way verification on the server side. If enabled, all Kafka API clients are required to have a valid client certificate.
354 pandaproxyApi:
355 type: array
356 items:
357 type: object
358 description: PandaproxyAPI configures listener for the Pandaproxy API
359 properties:
360 port:
361 type: integer
362 authenticationMethod:
363 type: string
364 description: 'AuthenticationMethod can enable authentication method per pandaproxy listener. Available options are: none, http_basic.'
365 external:
366 type: object
367 description: External enables user to expose Redpanda nodes outside of a Kubernetes cluster. For more information please go to ExternalConnectivityConfig
368 properties:
369 subdomain:
370 type: string
371 description: Subdomain can be used to change the behavior of an advertised KafkaAPI. Each broker advertises Kafka API as follows ENDPOINT.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT. If Subdomain is empty then each broker advertises Kafka API as PUBLIC_NODE_IP:EXTERNAL_KAFKA_API_PORT. If TLS is enabled then this subdomain will be requested as a subject alternative name.
372 bootstrapLoadBalancer:
373 type: object
374 description: Configures a load balancer for bootstrapping
375 properties:
376 annotations:
377 type: object
378 additionalProperties:
379 type: string
380 description: If specified, sets the load balancer service annotations. Example usage includes configuring the load balancer to be an internal one through provider-specific annotations.
381 port:
382 type: integer
383 description: The port used to communicate to the load balancer.
384 enabled:
385 type: boolean
386 description: Enabled enables the external connectivity feature
387 endpointTemplate:
388 type: string
389 description: "EndpointTemplate is a Golang template string that allows customizing each broker advertised address. Redpanda uses the format BROKER_ID.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT by default for advertised addresses. When an EndpointTemplate is provided, then the BROKER_ID part is replaced with the endpoint computed from the template. The following variables are available to the template: - Index: the Redpanda broker progressive number - HostIP: the ip address of the Node, as reported in pod status \n Common template functions from Sprig (http://masterminds.github.io/sprig/) are also available. The set of available functions is limited to hermetic functions because template application needs to be deterministic."
390 ingress:
391 type: object
392 description: Configures a ingress resource
393 properties:
394 annotations:
395 type: object
396 additionalProperties:
397 type: string
398 description: Optional annotations for the generated ingress.
399 enabled:
400 type: boolean
401 description: Indicates if ingress is enabled (true when unspecified).
402 endpoint:
403 type: string
404 description: If present, it's appended to the subdomain to form the ingress hostname.
405 preferredAddressType:
406 type: string
407 description: The preferred address type to be assigned to the external advertised addresses. The valid types are ExternalDNS, ExternalIP, InternalDNS, InternalIP, and Hostname. When the address of the preferred type is not found the advertised addresses remains empty. The default preferred address type is ExternalIP. This option only applies when Subdomain is empty.
408 tls:
409 type: object
410 description: Configuration of TLS for Pandaproxy API
411 properties:
412 enabled:
413 type: boolean
414 issuerRef:
415 type: object
416 description: References cert-manager Issuer or ClusterIssuer. When provided, this issuer will be used to issue node certificates. Typically you want to provide the issuer when a generated self-signed one is not enough and you need to have a verifiable chain with a proper CA certificate.
417 properties:
418 name:
419 type: string
420 description: Name of the resource being referred to.
421 kind:
422 type: string
423 description: Kind of the resource being referred to.
424 group:
425 type: string
426 description: Group of the resource being referred to.
427 required:
428 - name
429 nodeSecretRef:
430 type: object
431 description: 'If provided, operator uses certificate in this secret instead of issuing its own node certificate. The secret is expected to provide the following keys: ''ca.crt'', ''tls.key'' and ''tls.crt'' If NodeSecretRef points to secret in different namespace, operator will duplicate the secret to the same namespace as redpanda CRD to be able to mount it to the nodes'
432 properties:
433 name:
434 type: string
435 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
436 namespace:
437 type: string
438 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
439 apiVersion:
440 type: string
441 description: API version of the referent.
442 kind:
443 type: string
444 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
445 fieldPath:
446 type: string
447 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
448 resourceVersion:
449 type: string
450 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
451 uid:
452 type: string
453 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
454 requireClientAuth:
455 type: boolean
456 description: Enables two-way verification on the server side. If enabled, all Pandaproxy API clients are required to have a valid client certificate.
457 rpcServer:
458 type: object
459 description: SocketAddress provide the way to configure the port
460 properties:
461 port:
462 type: integer
463 schemaRegistry:
464 type: object
465 description: SchemaRegistryAPI configures the schema registry API
466 properties:
467 port:
468 type: integer
469 description: Port will set the schema registry listener port in Redpanda configuration. If not set the default will be 8081
470 authenticationMethod:
471 type: string
472 description: 'AuthenticationMethod can enable authentication method per schema registry listener. Available options are: none, http_basic.'
473 external:
474 type: object
475 description: External enables user to expose Redpanda nodes outside of a Kubernetes cluster. For more information please go to ExternalConnectivityConfig
476 properties:
477 subdomain:
478 type: string
479 description: Subdomain can be used to change the behavior of an advertised KafkaAPI. Each broker advertises Kafka API as follows ENDPOINT.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT. If Subdomain is empty then each broker advertises Kafka API as PUBLIC_NODE_IP:EXTERNAL_KAFKA_API_PORT. If TLS is enabled then this subdomain will be requested as a subject alternative name.
480 bootstrapLoadBalancer:
481 type: object
482 description: Configures a load balancer for bootstrapping
483 properties:
484 annotations:
485 type: object
486 additionalProperties:
487 type: string
488 description: If specified, sets the load balancer service annotations. Example usage includes configuring the load balancer to be an internal one through provider-specific annotations.
489 port:
490 type: integer
491 description: The port used to communicate to the load balancer.
492 enabled:
493 type: boolean
494 description: Enabled enables the external connectivity feature
495 endpoint:
496 type: string
497 description: Indicates the global endpoint that (together with subdomain), should be advertised for schema registry.
498 endpointTemplate:
499 type: string
500 description: "EndpointTemplate is a Golang template string that allows customizing each broker advertised address. Redpanda uses the format BROKER_ID.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT by default for advertised addresses. When an EndpointTemplate is provided, then the BROKER_ID part is replaced with the endpoint computed from the template. The following variables are available to the template: - Index: the Redpanda broker progressive number - HostIP: the ip address of the Node, as reported in pod status \n Common template functions from Sprig (http://masterminds.github.io/sprig/) are also available. The set of available functions is limited to hermetic functions because template application needs to be deterministic."
501 preferredAddressType:
502 type: string
503 description: The preferred address type to be assigned to the external advertised addresses. The valid types are ExternalDNS, ExternalIP, InternalDNS, InternalIP, and Hostname. When the address of the preferred type is not found the advertised addresses remains empty. The default preferred address type is ExternalIP. This option only applies when Subdomain is empty.
504 staticNodePort:
505 type: boolean
506 description: Indicates that the node port for the service needs not to be generated.
507 tls:
508 type: object
509 description: TLS is the configuration for schema registry
510 properties:
511 enabled:
512 type: boolean
513 issuerRef:
514 type: object
515 description: References cert-manager Issuer or ClusterIssuer. When provided, this issuer will be used to issue node certificates. Typically you want to provide the issuer when a generated self-signed one is not enough and you need to have a verifiable chain with a proper CA certificate.
516 properties:
517 name:
518 type: string
519 description: Name of the resource being referred to.
520 kind:
521 type: string
522 description: Kind of the resource being referred to.
523 group:
524 type: string
525 description: Group of the resource being referred to.
526 required:
527 - name
528 nodeSecretRef:
529 type: object
530 description: 'If provided, operator uses certificate in this secret instead of issuing its own node certificate. The secret is expected to provide the following keys: ''ca.crt'', ''tls.key'' and ''tls.crt'' If NodeSecretRef points to secret in different namespace, operator will duplicate the secret to the same namespace as redpanda CRD to be able to mount it to the nodes'
531 properties:
532 name:
533 type: string
534 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
535 namespace:
536 type: string
537 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
538 apiVersion:
539 type: string
540 description: API version of the referent.
541 kind:
542 type: string
543 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
544 fieldPath:
545 type: string
546 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
547 resourceVersion:
548 type: string
549 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
550 uid:
551 type: string
552 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
553 requireClientAuth:
554 type: boolean
555 description: Enables two-way verification on the server side. If enabled, all SchemaRegistry clients are required to have a valid client certificate.
556 required:
557 - port
558 dnsTrailingDotDisabled:
559 type: boolean
560 description: DNSTrailingDotDisabled gives ability to turn off the fully-qualified DNS name. http://www.dns-sd.org/trailingdotsindomainnames.html
561 enableSasl:
562 type: boolean
563 description: 'SASL enablement flag Deprecated: replaced by "kafkaEnableAuthorization"'
564 kafkaEnableAuthorization:
565 type: boolean
566 description: "Enable authorization for Kafka connections. Values are: \n - `nil`: Ignored. Authorization is enabled with `enable_sasl: true` \n - `true`: authorization is required \n - `false`: authorization is disabled; \n See also `enableSasl` and `configuration.kafkaApi[].authenticationMethod`"
567 licenseRef:
568 type: object
569 description: If key is not provided in the SecretRef, Secret data should have key "license"
570 properties:
571 name:
572 type: string
573 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
574 namespace:
575 type: string
576 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
577 key:
578 type: string
579 description: Key in Secret data to get value from
580 required:
581 - name
582 - namespace
583 podDisruptionBudget:
584 type: object
585 description: PodDisruptionBudget specifies whether PDB resource should be created for the cluster and how should it be configured. By default this is enabled and defaults to MaxUnavailable=1
586 properties:
587 enabled:
588 type: boolean
589 description: Enabled specifies whether PDB should be generated for the cluster. It defaults to true
590 maxUnavailable:
591 anyOf:
592 - type: integer
593 - type: string
594 description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable". This property defaults to 1. you can read more in https://kubernetes.io/docs/tasks/run-application/configure-pdb/
595 x-kubernetes-int-or-string: true
596 minAvailable:
597 anyOf:
598 - type: integer
599 - type: string
600 description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%". This is a mutually exclusive setting with "maxUnavailable". you can read more in https://kubernetes.io/docs/tasks/run-application/configure-pdb/
601 x-kubernetes-int-or-string: true
602 restartConfig:
603 type: object
604 description: RestartConfig allows to control the behavior of the cluster when restarting
605 properties:
606 disableMaintenanceModeHooks:
607 type: boolean
608 description: DisableMaintenanceModeHooks deactivates the preStop and postStart hooks that force nodes to enter maintenance mode when stopping and exit maintenance mode when up again
609 sidecars:
610 type: object
611 description: Sidecars is list of sidecars run alongside redpanda container
612 properties:
613 rpkStatus:
614 type: object
615 description: RpkStatus is sidecar running rpk status collecting status information from the running node
616 properties:
617 resources:
618 type: object
619 description: Resources are resource requirements and limits for the container running this sidecar. For the default sidecars this is defaulted
620 properties:
621 limits:
622 type: object
623 additionalProperties:
624 anyOf:
625 - type: integer
626 - type: string
627 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
628 x-kubernetes-int-or-string: true
629 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
630 requests:
631 type: object
632 additionalProperties:
633 anyOf:
634 - type: integer
635 - type: string
636 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
637 x-kubernetes-int-or-string: true
638 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
639 enabled:
640 type: boolean
641 description: Enabled if false, the sidecar won't be added to the pod running redpanda node
642 storage:
643 type: object
644 description: Storage spec for cluster
645 properties:
646 capacity:
647 anyOf:
648 - type: integer
649 - type: string
650 description: Storage capacity requested
651 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
652 x-kubernetes-int-or-string: true
653 storageClassName:
654 type: string
655 description: Storage class name - https://kubernetes.io/docs/concepts/storage/storage-classes/
656 superUsers:
657 type: array
658 description: List of superusers
659 items:
660 type: object
661 description: Superuser has full access to the Redpanda cluster
662 properties:
663 username:
664 type: string
665 required:
666 - username
667 version:
668 type: string
669 description: Version is the Redpanda container tag
670 required:
671 - resources
672 status:
673 type: object
674 description: ClusterStatus defines the observed state of Cluster
675 properties:
676 replicas:
677 type: integer
678 description: Replicas show how many nodes have been created for the cluster
679 format: int32
680 conditions:
681 type: array
682 description: Current state of the cluster.
683 items:
684 type: object
685 description: ClusterCondition contains details for the current conditions of the cluster
686 properties:
687 type:
688 type: string
689 description: Type is the type of the condition
690 enum:
691 - ClusterConfigured
692 status:
693 type: string
694 description: Status is the status of the condition
695 lastTransitionTime:
696 type: string
697 description: Last time the condition transitioned from one status to another
698 format: date-time
699 message:
700 type: string
701 description: Human-readable message indicating details about last transition
702 reason:
703 type: string
704 description: Unique, one-word, CamelCase reason for the condition's last transition
705 required:
706 - status
707 - type
708 currentReplicas:
709 type: integer
710 description: CurrentReplicas is the number of Pods that the controller currently wants to run for the cluster.
711 format: int32
712 decommissioningNode:
713 type: integer
714 description: Indicates that a node is currently being decommissioned from the cluster and provides its ordinal number
715 format: int32
716 nodes:
717 type: object
718 description: Nodes of the provisioned redpanda nodes
719 properties:
720 external:
721 type: array
722 items:
723 type: string
724 externalAdmin:
725 type: array
726 items:
727 type: string
728 externalBootstrap:
729 type: object
730 description: LoadBalancerStatus reports the load balancer status as generated by the load balancer core service
731 properties:
732 ingress:
733 type: array
734 description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.
735 items:
736 type: object
737 description: 'LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.'
738 properties:
739 hostname:
740 type: string
741 description: Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)
742 ports:
743 type: array
744 description: Ports is a list of records of service ports If used, every port defined in the service should have an entry in it
745 items:
746 type: object
747 properties:
748 protocol:
749 type: string
750 default: TCP
751 description: 'Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP"'
752 port:
753 type: integer
754 description: Port is the port number of the service port of which status is recorded here
755 format: int32
756 error:
757 type: string
758 description: 'Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. --- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)'
759 maxLength: 316
760 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
761 required:
762 - port
763 - protocol
764 x-kubernetes-list-type: atomic
765 ip:
766 type: string
767 description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)
768 externalPandaproxy:
769 type: array
770 items:
771 type: string
772 internal:
773 type: array
774 items:
775 type: string
776 pandaproxyIngress:
777 type: string
778 schemaRegistry:
779 type: object
780 description: SchemaRegistryStatus reports addresses where schema registry can be reached
781 properties:
782 external:
783 type: string
784 description: "External address should be registered in DNS provider using all public IP of a nodes that Redpanda is scheduled on. \n The External is empty when subdomain is not provided."
785 externalNodeIPs:
786 type: array
787 description: ExternalNodeIPs is only filled when the Schema Registry external connectivity feature flag is enabled, but the subdomain is empty. This gives user ability to register all addresses individually in DNS provider of choice.
788 items:
789 type: string
790 internal:
791 type: string
792 readyReplicas:
793 type: integer
794 description: ReadyReplicas is the number of Pods belonging to the cluster that have a Ready Condition.
795 format: int32
796 restarting:
797 type: boolean
798 description: Indicates that a cluster is restarting due to an upgrade or a different reason
799 upgrading:
800 type: boolean
801 description: 'Indicates cluster is upgrading. Deprecated: replaced by "restarting"'
802 version:
803 type: string
804 description: Current version of the cluster.
805 served: true
806 storage: true
807 subresources:
808 status: {}
809---
810apiVersion: apiextensions.k8s.io/v1
811kind: CustomResourceDefinition
812metadata:
813 name: consoles.redpanda.vectorized.io
814 annotations:
815 controller-gen.kubebuilder.io/version: v0.4.1
816 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
817 pallet.edge.ncr.com/name: redpanda-system
818 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
819 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
820 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
821 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
822 labels: {}
823spec:
824 group: redpanda.vectorized.io
825 names:
826 kind: Console
827 listKind: ConsoleList
828 plural: consoles
829 singular: console
830 scope: Namespaced
831 versions:
832 - name: v1alpha1
833 schema:
834 openAPIV3Schema:
835 type: object
836 description: Console is the Schema for the consoles API
837 properties:
838 apiVersion:
839 type: string
840 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
841 kind:
842 type: string
843 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
844 metadata:
845 type: object
846 spec:
847 type: object
848 description: ConsoleSpec defines the desired state of Console Most of the fields here are copied from Console config REF https://github.com/redpanda-data/console/blob/master/backend/pkg/api/config.go
849 properties:
850 cloud:
851 type: object
852 description: Cloud contains configurations for Redpanda cloud. If you're running a self-hosted installation, you can ignore this
853 properties:
854 prometheusEndpoint:
855 type: object
856 description: PrometheusEndpointConfig configures the Prometheus endpoint that shall be exposed in Redpanda Cloud so that users can scrape this URL to collect their dataplane's metrics in their own time-series database.
857 properties:
858 basicAuth:
859 type: object
860 description: BasicAuthConfig are credentials that will be required by the user in order to scrape the endpoint
861 properties:
862 passwordRef:
863 type: object
864 description: SecretKeyRef contains enough information to inspect or modify the referred Secret data REF https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference
865 properties:
866 name:
867 type: string
868 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
869 namespace:
870 type: string
871 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
872 key:
873 type: string
874 description: Key in Secret data to get value from
875 required:
876 - name
877 - namespace
878 username:
879 type: string
880 required:
881 - passwordRef
882 - username
883 enabled:
884 type: boolean
885 prometheus:
886 type: object
887 description: PrometheusConfig is configuration of prometheus instance
888 properties:
889 address:
890 type: string
891 description: Address to Prometheus endpoint
892 jobs:
893 type: array
894 description: Jobs is the list of Prometheus Jobs that we want to discover so that we can then scrape the discovered targets ourselves.
895 items:
896 type: object
897 description: PrometheusScraperJobConfig is the configuration object that determines what Prometheus targets we should scrape.
898 properties:
899 jobName:
900 type: string
901 description: JobName refers to the Prometheus job name whose discovered targets we want to scrape
902 keepLabels:
903 type: array
904 description: KeepLabels is a list of label keys that are added by Prometheus when scraping the target and should remain for all metrics as exposed to the Prometheus endpoint.
905 items:
906 type: string
907 required:
908 - jobName
909 - keepLabels
910 targetRefreshInterval:
911 type: string
912 default: 10s
913 required:
914 - address
915 - jobs
916 responseCacheDuration:
917 type: string
918 default: 1s
919 format: duration
920 required:
921 - enabled
922 - prometheus
923 required:
924 - prometheusEndpoint
925 clusterRef:
926 type: object
927 description: The referenced Redpanda Cluster
928 properties:
929 name:
930 type: string
931 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
932 namespace:
933 type: string
934 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
935 required:
936 - name
937 - namespace
938 connect:
939 type: object
940 description: Connect defines configurable fields for Kafka Connect
941 properties:
942 clusters:
943 type: array
944 items:
945 type: object
946 description: ConnectCluster defines configurable fields for the Kafka Connect cluster
947 properties:
948 name:
949 type: string
950 basicAuthRef:
951 type: object
952 description: BasicAuthRef configures basic auth credentials referenced by Secret Expects to have keys "username", "password"
953 properties:
954 name:
955 type: string
956 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
957 namespace:
958 type: string
959 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
960 apiVersion:
961 type: string
962 description: API version of the referent.
963 kind:
964 type: string
965 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
966 fieldPath:
967 type: string
968 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
969 resourceVersion:
970 type: string
971 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
972 uid:
973 type: string
974 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
975 tls:
976 type: object
977 description: TLS configures mTLS auth
978 properties:
979 secretKeyRef:
980 type: object
981 description: SecretKeyRef configures certificate used for mTLS auth referenced by Secret Expects to have keys "tls.crt", "tls.key", "ca.crt"
982 properties:
983 name:
984 type: string
985 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
986 namespace:
987 type: string
988 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
989 apiVersion:
990 type: string
991 description: API version of the referent.
992 kind:
993 type: string
994 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
995 fieldPath:
996 type: string
997 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
998 resourceVersion:
999 type: string
1000 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
1001 uid:
1002 type: string
1003 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
1004 enabled:
1005 type: boolean
1006 insecureSkipTlsVerify:
1007 type: boolean
1008 tokenRef:
1009 type: object
1010 description: TokenRef configures token header auth referenced by Secret Expects to have key "token"
1011 properties:
1012 name:
1013 type: string
1014 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1015 namespace:
1016 type: string
1017 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1018 apiVersion:
1019 type: string
1020 description: API version of the referent.
1021 kind:
1022 type: string
1023 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1024 fieldPath:
1025 type: string
1026 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
1027 resourceVersion:
1028 type: string
1029 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
1030 uid:
1031 type: string
1032 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
1033 url:
1034 type: string
1035 required:
1036 - name
1037 - url
1038 connectTimeout:
1039 type: string
1040 default: 15s
1041 format: duration
1042 enabled:
1043 type: boolean
1044 readTimeout:
1045 type: string
1046 default: 60s
1047 format: duration
1048 requestTimeout:
1049 type: string
1050 default: 6s
1051 format: duration
1052 deployment:
1053 type: object
1054 description: Deployment defines configurable fields for the Console Deployment resource
1055 properties:
1056 replicas:
1057 type: integer
1058 default: 1
1059 format: int32
1060 image:
1061 type: string
1062 maxSurge:
1063 type: integer
1064 default: 1
1065 format: int32
1066 maxUnavailable:
1067 type: integer
1068 default: 0
1069 format: int32
1070 required:
1071 - image
1072 enterprise:
1073 type: object
1074 description: Enterprise defines configurable fields for features that require license
1075 properties:
1076 rbac:
1077 type: object
1078 description: Console uses role-based access control (RBAC) to restrict system access to authorized users
1079 properties:
1080 enabled:
1081 type: boolean
1082 roleBindingsRef:
1083 type: object
1084 description: RoleBindingsRef is the ConfigMap that contains the RBAC file The ConfigMap should contain "rbac.yaml" key
1085 properties:
1086 name:
1087 type: string
1088 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
1089 required:
1090 - enabled
1091 - roleBindingsRef
1092 required:
1093 - rbac
1094 ingress:
1095 type: object
1096 description: Ingress contains configuration for the Console ingress.
1097 properties:
1098 annotations:
1099 type: object
1100 additionalProperties:
1101 type: string
1102 description: Optional annotations for the generated ingress.
1103 enabled:
1104 type: boolean
1105 description: Indicates if ingress is enabled (true when unspecified).
1106 endpoint:
1107 type: string
1108 description: If present, it's appended to the subdomain to form the ingress hostname.
1109 licenseRef:
1110 type: object
1111 description: If you don't provide an enterprise license, Console ignores configurations for enterprise features REF https://docs.redpanda.com/docs/console/reference/config/ If key is not provided in the SecretRef, Secret data should have key "license"
1112 properties:
1113 name:
1114 type: string
1115 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1116 namespace:
1117 type: string
1118 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1119 key:
1120 type: string
1121 description: Key in Secret data to get value from
1122 required:
1123 - name
1124 - namespace
1125 login:
1126 type: object
1127 description: Login contains all configurations in order to protect Console with a login screen Configure one or more of the below identity providers in order to support SSO This feature requires an Enterprise license REF https://docs.redpanda.com/docs/console/single-sign-on/identity-providers/google/
1128 properties:
1129 enabled:
1130 type: boolean
1131 google:
1132 type: object
1133 description: EnterpriseLoginGoogle defines configurable fields for Google provider
1134 properties:
1135 clientCredentialsRef:
1136 type: object
1137 description: ClientCredentials is the Secret that contains SSO credentials The Secret should contain keys "clientId", "clientSecret"
1138 properties:
1139 name:
1140 type: string
1141 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1142 namespace:
1143 type: string
1144 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1145 required:
1146 - name
1147 - namespace
1148 directory:
1149 type: object
1150 description: Use Google groups in your RBAC role bindings.
1151 properties:
1152 serviceAccountRef:
1153 type: object
1154 description: ServiceAccountRef is the ConfigMap that contains the Google Service Account json The ConfigMap should contain "sa.json" key
1155 properties:
1156 name:
1157 type: string
1158 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
1159 targetPrincipal:
1160 type: string
1161 description: TargetPrincipal is the user that shall be impersonated by the service account
1162 required:
1163 - serviceAccountRef
1164 - targetPrincipal
1165 enabled:
1166 type: boolean
1167 required:
1168 - clientCredentialsRef
1169 - enabled
1170 jwtSecretRef:
1171 type: object
1172 description: JWTSecret is the Secret that is used to sign and encrypt the JSON Web tokens that are used by the backend for session management If not provided, the default key is "jwt"
1173 properties:
1174 name:
1175 type: string
1176 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1177 namespace:
1178 type: string
1179 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1180 key:
1181 type: string
1182 description: Key in Secret data to get value from
1183 required:
1184 - name
1185 - namespace
1186 redpandaCloud:
1187 type: object
1188 description: EnterpriseLoginRedpandaCloud defines configurable fields for RedpandaCloud SSO provider
1189 properties:
1190 allowedOrigins:
1191 type: array
1192 description: AllowedOrigins indicates if response is allowed from given origin
1193 items:
1194 type: string
1195 audience:
1196 type: string
1197 description: Audience is the domain where this auth is intended for
1198 domain:
1199 type: string
1200 description: Domain is the domain of the auth server
1201 enabled:
1202 type: boolean
1203 required:
1204 - audience
1205 - domain
1206 - enabled
1207 required:
1208 - enabled
1209 - jwtSecretRef
1210 metricsNamespace:
1211 type: string
1212 default: console
1213 description: Prefix for all exported prometheus metrics
1214 redpanda:
1215 type: object
1216 description: Redpanda contains configurations that are Redpanda specific
1217 properties:
1218 adminApi:
1219 type: object
1220 description: RedpandaAdmin defines API configuration that enables additional features that are Redpanda specific
1221 properties:
1222 enabled:
1223 type: boolean
1224 required:
1225 - enabled
1226 schema:
1227 type: object
1228 description: Schema defines configurable fields for Schema Registry
1229 properties:
1230 enabled:
1231 type: boolean
1232 required:
1233 - enabled
1234 serveFrontend:
1235 type: boolean
1236 default: true
1237 description: Only relevant for developers, who might want to run the frontend separately
1238 server:
1239 type: object
1240 description: Server is the Console app HTTP server config REF https://github.com/cloudhut/common/blob/b601d681e8599cee4255899def813142c0218e8b/rest/config.go
1241 properties:
1242 basePath:
1243 type: string
1244 description: Sets the subpath (root prefix) under which Kowl is reachable. If you want to host Kowl under 'your.domain.com/kowl/' you'd set the base path to 'kowl/'. The default is an empty string which makes Kowl reachable under just 'domain.com/'. When using this setting (or letting the 'X-Forwarded-Prefix' header set it for you) remember to either leave 'strip-prefix' enabled, or use a proxy that can strip the base-path/prefix before it reaches Kowl.
1245 compressionLevel:
1246 type: integer
1247 default: 4
1248 description: 'Compression level applied to all http responses. Valid values are: 0-9 (0=completely disable compression middleware, 1=weakest compression, 9=best compression)'
1249 gracefulShutdownTimeout:
1250 type: string
1251 default: 30s
1252 description: Timeout for graceful shutdowns
1253 format: duration
1254 idleTimeout:
1255 type: string
1256 default: 30s
1257 description: Idle timeout for HTTP server
1258 format: duration
1259 listenAddress:
1260 type: string
1261 description: HTTP server listen address
1262 listenPort:
1263 type: integer
1264 default: 8080
1265 description: HTTP server listen port
1266 readTimeout:
1267 type: string
1268 default: 30s
1269 description: Read timeout for HTTP server
1270 format: duration
1271 setBasePathFromXForwardedPrefix:
1272 type: boolean
1273 default: true
1274 description: server.set-base-path-from-x-forwarded-prefix", true, "When set to true, Kowl will use the 'X-Forwarded-Prefix' header as the base path. (When enabled the 'base-path' setting won't be used)
1275 stripPrefix:
1276 type: boolean
1277 default: true
1278 description: If a base-path is set (either by the 'base-path' setting, or by the 'X-Forwarded-Prefix' header), they will be removed from the request url. You probably want to leave this enabled, unless you are using a proxy that can remove the prefix automatically (like Traefik's 'StripPrefix' option)
1279 writeTimeout:
1280 type: string
1281 default: 30s
1282 description: Write timeout for HTTP server
1283 format: duration
1284 required:
1285 - clusterRef
1286 - connect
1287 - deployment
1288 - schema
1289 status:
1290 type: object
1291 description: ConsoleStatus defines the observed state of Console
1292 properties:
1293 configMapRef:
1294 type: object
1295 description: The ConfigMap used by Console This is used to pass the ConfigMap used to mount in the Deployment Resource since Ensure() only returns error
1296 properties:
1297 name:
1298 type: string
1299 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1300 namespace:
1301 type: string
1302 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1303 apiVersion:
1304 type: string
1305 description: API version of the referent.
1306 kind:
1307 type: string
1308 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1309 fieldPath:
1310 type: string
1311 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
1312 resourceVersion:
1313 type: string
1314 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
1315 uid:
1316 type: string
1317 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
1318 connectivity:
1319 type: object
1320 description: Connectivity defines internal/external hosts
1321 properties:
1322 external:
1323 type: string
1324 internal:
1325 type: string
1326 observedGeneration:
1327 type: integer
1328 description: The generation observed by the controller
1329 format: int64
1330 served: true
1331 storage: true
1332 subresources:
1333 status: {}
1334---
1335# permissions to do leader election.
1336apiVersion: rbac.authorization.k8s.io/v1
1337kind: Role
1338metadata:
1339 name: redpanda-leader-election-role
1340 namespace: redpanda-system
1341 annotations:
1342 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1343 pallet.edge.ncr.com/name: redpanda-system
1344 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1345 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1346 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1347 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1348 labels: {}
1349rules:
1350- resources:
1351 - configmaps
1352 - leases
1353 apiGroups:
1354 - ""
1355 - coordination.k8s.io
1356 verbs:
1357 - get
1358 - list
1359 - watch
1360 - create
1361 - update
1362 - patch
1363 - delete
1364- resources:
1365 - events
1366 apiGroups:
1367 - ""
1368 verbs:
1369 - create
1370 - patch
1371---
1372apiVersion: rbac.authorization.k8s.io/v1
1373kind: ClusterRole
1374metadata:
1375 name: redpanda-manager-role
1376 annotations:
1377 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1378 pallet.edge.ncr.com/name: redpanda-system
1379 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1380 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1381 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1382 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1383 labels: {}
1384rules:
1385- resources:
1386 - events
1387 apiGroups:
1388 - ""
1389 verbs:
1390 - create
1391 - get
1392 - list
1393 - patch
1394 - update
1395 - watch
1396- resources:
1397 - configmaps
1398 apiGroups:
1399 - apps
1400 verbs:
1401 - create
1402 - delete
1403 - get
1404 - list
1405 - patch
1406 - update
1407 - watch
1408- resources:
1409 - deployments
1410 apiGroups:
1411 - apps
1412 verbs:
1413 - create
1414 - delete
1415 - get
1416 - list
1417 - patch
1418 - update
1419 - watch
1420- resources:
1421 - statefulsets
1422 apiGroups:
1423 - apps
1424 verbs:
1425 - create
1426 - delete
1427 - get
1428 - list
1429 - patch
1430 - update
1431 - watch
1432- resources:
1433 - certificates
1434 - clusterissuers
1435 - issuers
1436 apiGroups:
1437 - cert-manager.io
1438 verbs:
1439 - create
1440 - delete
1441 - get
1442 - list
1443 - patch
1444 - update
1445 - watch
1446- resources:
1447 - configmaps
1448 apiGroups:
1449 - ""
1450 verbs:
1451 - create
1452 - delete
1453 - get
1454 - list
1455 - patch
1456 - update
1457 - watch
1458- resources:
1459 - nodes
1460 apiGroups:
1461 - ""
1462 verbs:
1463 - get
1464 - list
1465 - watch
1466- resources:
1467 - persistentvolumeclaims
1468 apiGroups:
1469 - ""
1470 verbs:
1471 - delete
1472 - get
1473 - list
1474 - watch
1475- resources:
1476 - pods
1477 apiGroups:
1478 - ""
1479 verbs:
1480 - delete
1481 - get
1482 - list
1483 - update
1484 - watch
1485- resources:
1486 - pods/finalizers
1487 apiGroups:
1488 - ""
1489 verbs:
1490 - update
1491- resources:
1492 - secrets
1493 apiGroups:
1494 - ""
1495 verbs:
1496 - create
1497 - get
1498 - list
1499 - update
1500 - watch
1501- resources:
1502 - serviceaccounts
1503 apiGroups:
1504 - ""
1505 verbs:
1506 - create
1507 - get
1508 - list
1509 - patch
1510 - update
1511 - watch
1512- resources:
1513 - services
1514 apiGroups:
1515 - ""
1516 verbs:
1517 - create
1518 - get
1519 - list
1520 - patch
1521 - update
1522 - watch
1523- resources:
1524 - ingresses
1525 apiGroups:
1526 - networking.k8s.io
1527 verbs:
1528 - create
1529 - delete
1530 - get
1531 - list
1532 - patch
1533 - update
1534 - watch
1535- resources:
1536 - poddisruptionbudgets
1537 apiGroups:
1538 - policy
1539 verbs:
1540 - create
1541 - delete
1542 - get
1543 - list
1544 - patch
1545 - update
1546 - watch
1547- resources:
1548 - clusterrolebindings
1549 - clusterroles
1550 apiGroups:
1551 - rbac.authorization.k8s.io
1552 verbs:
1553 - create
1554 - get
1555 - list
1556 - patch
1557 - update
1558 - watch
1559- resources:
1560 - clusters
1561 apiGroups:
1562 - redpanda.vectorized.io
1563 verbs:
1564 - create
1565 - delete
1566 - get
1567 - list
1568 - patch
1569 - update
1570 - watch
1571- resources:
1572 - clusters/finalizers
1573 apiGroups:
1574 - redpanda.vectorized.io
1575 verbs:
1576 - update
1577- resources:
1578 - clusters/status
1579 apiGroups:
1580 - redpanda.vectorized.io
1581 verbs:
1582 - get
1583 - patch
1584 - update
1585- resources:
1586 - consoles
1587 apiGroups:
1588 - redpanda.vectorized.io
1589 verbs:
1590 - create
1591 - delete
1592 - get
1593 - list
1594 - patch
1595 - update
1596 - watch
1597- resources:
1598 - consoles/finalizers
1599 apiGroups:
1600 - redpanda.vectorized.io
1601 verbs:
1602 - update
1603- resources:
1604 - consoles/status
1605 apiGroups:
1606 - redpanda.vectorized.io
1607 verbs:
1608 - get
1609 - patch
1610 - update
1611---
1612apiVersion: rbac.authorization.k8s.io/v1
1613kind: ClusterRole
1614metadata:
1615 name: redpanda-metrics-reader
1616 annotations:
1617 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1618 pallet.edge.ncr.com/name: redpanda-system
1619 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1620 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1621 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1622 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1623 labels: {}
1624rules:
1625- nonResourceURLs: ["/metrics"]
1626 verbs: ["get"]
1627---
1628apiVersion: rbac.authorization.k8s.io/v1
1629kind: ClusterRole
1630metadata:
1631 name: redpanda-proxy-role
1632 annotations:
1633 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1634 pallet.edge.ncr.com/name: redpanda-system
1635 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1636 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1637 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1638 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1639 labels: {}
1640rules:
1641- resources:
1642 - tokenreviews
1643 apiGroups: ["authentication.k8s.io"]
1644 verbs: ["create"]
1645- resources:
1646 - subjectaccessreviews
1647 apiGroups: ["authorization.k8s.io"]
1648 verbs: ["create"]
1649---
1650apiVersion: rbac.authorization.k8s.io/v1
1651kind: RoleBinding
1652metadata:
1653 name: redpanda-leader-election-rolebinding
1654 namespace: redpanda-system
1655 annotations:
1656 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1657 pallet.edge.ncr.com/name: redpanda-system
1658 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1659 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1660 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1661 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1662 labels: {}
1663roleRef:
1664 name: redpanda-leader-election-role
1665 kind: Role
1666 apiGroup: rbac.authorization.k8s.io
1667subjects:
1668- name: default
1669 namespace: redpanda-system
1670 kind: ServiceAccount
1671---
1672apiVersion: rbac.authorization.k8s.io/v1
1673kind: ClusterRoleBinding
1674metadata:
1675 name: redpanda-manager-rolebinding
1676 annotations:
1677 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1678 pallet.edge.ncr.com/name: redpanda-system
1679 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1680 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1681 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1682 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1683 labels: {}
1684roleRef:
1685 name: redpanda-manager-role
1686 kind: ClusterRole
1687 apiGroup: rbac.authorization.k8s.io
1688subjects:
1689- name: default
1690 namespace: redpanda-system
1691 kind: ServiceAccount
1692---
1693apiVersion: rbac.authorization.k8s.io/v1
1694kind: ClusterRoleBinding
1695metadata:
1696 name: redpanda-proxy-rolebinding
1697 annotations:
1698 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1699 pallet.edge.ncr.com/name: redpanda-system
1700 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1701 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1702 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1703 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1704 labels: {}
1705roleRef:
1706 name: redpanda-proxy-role
1707 kind: ClusterRole
1708 apiGroup: rbac.authorization.k8s.io
1709subjects:
1710- name: default
1711 namespace: redpanda-system
1712 kind: ServiceAccount
1713---
1714apiVersion: v1
1715kind: ConfigMap
1716metadata:
1717 name: redpanda-manager-config
1718 namespace: redpanda-system
1719 annotations:
1720 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1721 pallet.edge.ncr.com/name: redpanda-system
1722 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1723 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1724 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1725 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1726 labels: {}
1727data:
1728 controller_manager_config.yaml: |
1729 apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
1730 kind: ControllerManagerConfig
1731 health:
1732 healthProbeBindAddress: :8081
1733 leaderElection:
1734 leaderElect: true
1735 resourceName: aa9fc693.vectorized.io
1736 metrics:
1737 bindAddress: 127.0.0.1:8080
1738 webhook:
1739 port: 9443
1740---
1741apiVersion: v1
1742kind: Service
1743metadata:
1744 name: redpanda-controller-manager-metrics-service
1745 namespace: redpanda-system
1746 labels:
1747 control-plane: controller-manager
1748 annotations:
1749 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1750 pallet.edge.ncr.com/name: redpanda-system
1751 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1752 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1753 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1754 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1755spec:
1756 selector:
1757 control-plane: controller-manager
1758 ports:
1759 - name: https
1760 port: 8443
1761 targetPort: https
1762---
1763apiVersion: apps/v1
1764kind: Deployment
1765metadata:
1766 name: redpanda-controller-manager
1767 namespace: redpanda-system
1768 labels:
1769 control-plane: controller-manager
1770 annotations:
1771 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1772 pallet.edge.ncr.com/name: redpanda-system
1773 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1774 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1775 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1776 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1777spec:
1778 replicas: 1
1779 selector:
1780 matchLabels:
1781 control-plane: controller-manager
1782 template:
1783 metadata:
1784 labels:
1785 control-plane: controller-manager
1786 annotations:
1787 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
1788 pallet.edge.ncr.com/name: redpanda-system
1789 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
1790 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
1791 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
1792 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
1793 spec:
1794 terminationGracePeriodSeconds: 10
1795 containers:
1796 - name: kube-rbac-proxy
1797 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
1798 args:
1799 - "--secure-listen-address=0.0.0.0:8443"
1800 - "--upstream=http://127.0.0.1:8080/"
1801 - "--logtostderr=true"
1802 - "--v=10"
1803 ports:
1804 - name: https
1805 containerPort: 8443
1806 - name: manager
1807 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/index.docker.io/vectorized/redpanda-operator:v22.3.9
1808 command:
1809 - /manager
1810 args:
1811 - "--health-probe-bind-address=:8081"
1812 - "--metrics-bind-address=127.0.0.1:8080"
1813 - "--leader-elect"
1814 resources:
1815 limits:
1816 cpu: "100m"
1817 memory: 128Mi
1818 requests:
1819 cpu: 100m
1820 memory: 100Mi
1821 livenessProbe:
1822 httpGet:
1823 port: 8081
1824 path: /healthz
1825 initialDelaySeconds: 15
1826 periodSeconds: 20
1827 readinessProbe:
1828 httpGet:
1829 port: 8081
1830 path: /readyz
1831 initialDelaySeconds: 5
1832 periodSeconds: 10
1833 securityContext:
1834 allowPrivilegeEscalation: false
1835 imagePullPolicy: IfNotPresent
1836 securityContext:
1837 runAsUser: 65532
1838 affinity:
1839 nodeAffinity:
1840 preferredDuringSchedulingIgnoredDuringExecution:
1841 - weight: 100
1842 preference:
1843 matchExpressions:
1844 - key: node.ncr.com/class
1845 operator: In
1846 values:
1847 - server
View as plain text