# Namespace for the Redpanda deployment. The control-plane label follows the
# kubebuilder controller-manager convention (presumably the operator runs here;
# confirm against the Deployment, which is not part of this document).
# NOTE(review): no pod-security.kubernetes.io/* labels are set on this
# namespace, so its Pod Security admission level comes from the cluster default.
apiVersion: v1
kind: Namespace
metadata:
  name: redpanda-system
  labels:
    control-plane: controller-manager
  annotations:
    # pallet.edge.ncr.com/* annotations record provenance: creation time, source
    # repository URL and commit, owning team and package version. The revision,
    # the source URL and the version suffix (commit.696897a) name the same commit.
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: redpanda-system
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
---
# CustomResourceDefinition clusters.redpanda.vectorized.io (kind Cluster, v1alpha1).
# NOTE(review): fields in this schema worth checking on every Cluster object:
#   - cloudStorage.accessKey is a plain string in the spec, while the secret key
#     is taken from a Secret through cloudStorage.secretKeyRef.
#   - cloudStorage.disableTLS is described as usable in tests.
#   - configuration.developerMode, and authenticationMethod "none" on the
#     kafkaApi, pandaproxyApi and schemaRegistry listeners.
#   - tls.nodeSecretRef: the operator copies a Secret referenced from another
#     namespace into the cluster's namespace.
#   - superUsers, and enableSasl (deprecated in favour of kafkaEnableAuthorization).
apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusters.redpanda.vectorized.io annotations: controller-gen.kubebuilder.io/version: v0.4.1 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: redpanda-system pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} spec: group: redpanda.vectorized.io names: kind: Cluster listKind: ClusterList plural: clusters singular: cluster scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: type: object description: Cluster is the Schema for the clusters API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ClusterSpec defines the desired state of Cluster properties: annotations: type: object additionalProperties: type: string description: If specified, Redpanda Pod annotations replicas: type: integer description: Replicas determine how big the cluster will be. format: int32 minimum: 0 nodeSelector: type: object additionalProperties: type: string description: If specified, Redpanda Pod node selectors. For reference please visit https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node tolerations: type: array description: If specified, Redpanda Pod tolerations items: type: object description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. properties: value: type: string description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. effect: type: string description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. key: type: string description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. operator: type: string description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. tolerationSeconds: type: integer description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 image: type: string description: Image is the fully qualified name of the Redpanda container resources: type: object description: Resources used by redpanda process running in container. Beware that there are multiple containers running in the redpanda pod and these can be enabled/disabled and configured from the `sidecars` field. These containers have separate resources settings and the amount of resources assigned to these containers will be required on the cluster on top of the resources defined here properties: limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' redpanda: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Redpanda describes the amount of compute resources passed to redpanda. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' additionalConfiguration: type: object additionalProperties: type: string description: "For configuration parameters not exposed, a map can be provided for string values. Such values are passed transparently to Redpanda. The key format is \"<subsystem>.field\", e.g., \n additionalConfiguration: redpanda.enable_idempotence: \"true\" redpanda.default_topic_partitions: \"3\" pandaproxy_client.produce_batch_size_bytes: \"2097152\" \n Notes: 1. versioning is not supported for map keys 2. key names not supported by Redpanda will lead to failure on start up 3. updating this map requires a manual restart of the Redpanda pods. Please be aware of sync period when one Redpanda pod is restarted 4. cannot have keys that conflict with existing struct fields - it leads to panic \n By default, if Replicas is 3 or more and redpanda.default_topic_partitions is not set, the default webhook sets redpanda.default_topic_partitions to 3." cloudStorage: type: object description: Cloud storage configuration for cluster properties: secretKeyRef: type: object description: 'Reference to (Kubernetes) Secret containing the cloud storage secret key. SecretKeyRef must contain the name and namespace of the Secret. The Secret must contain a data entry of the form: data[] = ' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' apiVersion: type: string description: API version of the referent. kind: type: string description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' fieldPath: type: string description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' resourceVersion: type: string description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' uid: type: string description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' accessKey: type: string description: Cloud storage access key apiEndpoint: type: string description: API endpoint for data storage apiEndpointPort: type: integer description: Used to override TLS port (443) bucket: type: string description: Cloud storage bucket cacheStorage: type: object description: Cache directory that will be mounted for Redpanda properties: capacity: anyOf: - type: integer - type: string description: Storage capacity requested pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true storageClassName: type: string description: Storage class name - https://kubernetes.io/docs/concepts/storage/storage-classes/ credentialsSource: type: string description: Determines how to load credentials for archival storage. Supported values are config_file (default), aws_instance_metadata, sts, gcp_instance_metadata (see the cloud_storage_credentials_source property at https://docs.redpanda.com/docs/reference/cluster-properties/). When using config_file then accessKey and secretKeyRef are mandatory. 
disableTLS: type: boolean description: Disable TLS (can be used in tests) enabled: type: boolean description: Enables data archiving feature maxConnections: type: integer description: Number of simultaneous uploads per shard (default - 20) reconciliationIntervalMs: type: integer description: Reconciliation period (default - 10s) region: type: string description: Cloud storage region trustfile: type: string description: Path to certificate that should be used to validate server certificate required: - enabled configuration: type: object description: Configuration represent redpanda specific configuration properties: adminApi: type: array items: type: object description: AdminAPI configures listener for the Redpanda Admin API properties: port: type: integer external: type: object description: External enables user to expose Redpanda admin API outside of a Kubernetes cluster. For more information please go to ExternalConnectivityConfig properties: subdomain: type: string description: Subdomain can be used to change the behavior of an advertised KafkaAPI. Each broker advertises Kafka API as follows ENDPOINT.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT. If Subdomain is empty then each broker advertises Kafka API as PUBLIC_NODE_IP:EXTERNAL_KAFKA_API_PORT. If TLS is enabled then this subdomain will be requested as a subject alternative name. bootstrapLoadBalancer: type: object description: Configures a load balancer for bootstrapping properties: annotations: type: object additionalProperties: type: string description: If specified, sets the load balancer service annotations. Example usage includes configuring the load balancer to be an internal one through provider-specific annotations. port: type: integer description: The port used to communicate to the load balancer. 
enabled: type: boolean description: Enabled enables the external connectivity feature endpointTemplate: type: string description: "EndpointTemplate is a Golang template string that allows customizing each broker advertised address. Redpanda uses the format BROKER_ID.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT by default for advertised addresses. When an EndpointTemplate is provided, then the BROKER_ID part is replaced with the endpoint computed from the template. The following variables are available to the template: - Index: the Redpanda broker progressive number - HostIP: the ip address of the Node, as reported in pod status \n Common template functions from Sprig (http://masterminds.github.io/sprig/) are also available. The set of available functions is limited to hermetic functions because template application needs to be deterministic." preferredAddressType: type: string description: The preferred address type to be assigned to the external advertised addresses. The valid types are ExternalDNS, ExternalIP, InternalDNS, InternalIP, and Hostname. When the address of the preferred type is not found the advertised addresses remains empty. The default preferred address type is ExternalIP. This option only applies when Subdomain is empty. tls: type: object description: Configuration of TLS for Admin API properties: enabled: type: boolean requireClientAuth: type: boolean autoCreateTopics: type: boolean description: Enable auto-creation of topics. Reference https://kafka.apache.org/documentation/#brokerconfigs_auto.create.topics.enable developerMode: type: boolean groupTopicPartitions: type: integer description: Number of partitions in the internal group membership topic kafkaApi: type: array items: type: object description: KafkaAPI configures listener for the Kafka API properties: port: type: integer authenticationMethod: type: string description: 'AuthenticationMethod can enable authentication method per Kafka listener. Available options are: none, sasl, mtls_identity. 
https://docs.redpanda.com/docs/security/authentication/' external: type: object description: External enables user to expose Redpanda nodes outside of a Kubernetes cluster. For more information please go to ExternalConnectivityConfig properties: subdomain: type: string description: Subdomain can be used to change the behavior of an advertised KafkaAPI. Each broker advertises Kafka API as follows ENDPOINT.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT. If Subdomain is empty then each broker advertises Kafka API as PUBLIC_NODE_IP:EXTERNAL_KAFKA_API_PORT. If TLS is enabled then this subdomain will be requested as a subject alternative name. bootstrapLoadBalancer: type: object description: Configures a load balancer for bootstrapping properties: annotations: type: object additionalProperties: type: string description: If specified, sets the load balancer service annotations. Example usage includes configuring the load balancer to be an internal one through provider-specific annotations. port: type: integer description: The port used to communicate to the load balancer. enabled: type: boolean description: Enabled enables the external connectivity feature endpointTemplate: type: string description: "EndpointTemplate is a Golang template string that allows customizing each broker advertised address. Redpanda uses the format BROKER_ID.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT by default for advertised addresses. When an EndpointTemplate is provided, then the BROKER_ID part is replaced with the endpoint computed from the template. The following variables are available to the template: - Index: the Redpanda broker progressive number - HostIP: the ip address of the Node, as reported in pod status \n Common template functions from Sprig (http://masterminds.github.io/sprig/) are also available. The set of available functions is limited to hermetic functions because template application needs to be deterministic." 
preferredAddressType: type: string description: The preferred address type to be assigned to the external advertised addresses. The valid types are ExternalDNS, ExternalIP, InternalDNS, InternalIP, and Hostname. When the address of the preferred type is not found the advertised addresses remains empty. The default preferred address type is ExternalIP. This option only applies when Subdomain is empty. tls: type: object description: Configuration of TLS for Kafka API properties: enabled: type: boolean issuerRef: type: object description: References cert-manager Issuer or ClusterIssuer. When provided, this issuer will be used to issue node certificates. Typically you want to provide the issuer when a generated self-signed one is not enough and you need to have a verifiable chain with a proper CA certificate. properties: name: type: string description: Name of the resource being referred to. kind: type: string description: Kind of the resource being referred to. group: type: string description: Group of the resource being referred to. required: - name nodeSecretRef: type: object description: 'If provided, operator uses certificate in this secret instead of issuing its own node certificate. The secret is expected to provide the following keys: ''ca.crt'', ''tls.key'' and ''tls.crt'' If NodeSecretRef points to secret in different namespace, operator will duplicate the secret to the same namespace as redpanda CRD to be able to mount it to the nodes' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' apiVersion: type: string description: API version of the referent. kind: type: string description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' fieldPath: type: string description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' resourceVersion: type: string description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' uid: type: string description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' requireClientAuth: type: boolean description: Enables two-way verification on the server side. If enabled, all Kafka API clients are required to have a valid client certificate. pandaproxyApi: type: array items: type: object description: PandaproxyAPI configures listener for the Pandaproxy API properties: port: type: integer authenticationMethod: type: string description: 'AuthenticationMethod can enable authentication method per pandaproxy listener. Available options are: none, http_basic.' external: type: object description: External enables user to expose Redpanda nodes outside of a Kubernetes cluster. For more information please go to ExternalConnectivityConfig properties: subdomain: type: string description: Subdomain can be used to change the behavior of an advertised KafkaAPI. 
Each broker advertises Kafka API as follows ENDPOINT.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT. If Subdomain is empty then each broker advertises Kafka API as PUBLIC_NODE_IP:EXTERNAL_KAFKA_API_PORT. If TLS is enabled then this subdomain will be requested as a subject alternative name. bootstrapLoadBalancer: type: object description: Configures a load balancer for bootstrapping properties: annotations: type: object additionalProperties: type: string description: If specified, sets the load balancer service annotations. Example usage includes configuring the load balancer to be an internal one through provider-specific annotations. port: type: integer description: The port used to communicate to the load balancer. enabled: type: boolean description: Enabled enables the external connectivity feature endpointTemplate: type: string description: "EndpointTemplate is a Golang template string that allows customizing each broker advertised address. Redpanda uses the format BROKER_ID.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT by default for advertised addresses. When an EndpointTemplate is provided, then the BROKER_ID part is replaced with the endpoint computed from the template. The following variables are available to the template: - Index: the Redpanda broker progressive number - HostIP: the ip address of the Node, as reported in pod status \n Common template functions from Sprig (http://masterminds.github.io/sprig/) are also available. The set of available functions is limited to hermetic functions because template application needs to be deterministic." ingress: type: object description: Configures a ingress resource properties: annotations: type: object additionalProperties: type: string description: Optional annotations for the generated ingress. enabled: type: boolean description: Indicates if ingress is enabled (true when unspecified). endpoint: type: string description: If present, it's appended to the subdomain to form the ingress hostname. 
preferredAddressType: type: string description: The preferred address type to be assigned to the external advertised addresses. The valid types are ExternalDNS, ExternalIP, InternalDNS, InternalIP, and Hostname. When the address of the preferred type is not found the advertised addresses remains empty. The default preferred address type is ExternalIP. This option only applies when Subdomain is empty. tls: type: object description: Configuration of TLS for Pandaproxy API properties: enabled: type: boolean issuerRef: type: object description: References cert-manager Issuer or ClusterIssuer. When provided, this issuer will be used to issue node certificates. Typically you want to provide the issuer when a generated self-signed one is not enough and you need to have a verifiable chain with a proper CA certificate. properties: name: type: string description: Name of the resource being referred to. kind: type: string description: Kind of the resource being referred to. group: type: string description: Group of the resource being referred to. required: - name nodeSecretRef: type: object description: 'If provided, operator uses certificate in this secret instead of issuing its own node certificate. The secret is expected to provide the following keys: ''ca.crt'', ''tls.key'' and ''tls.crt'' If NodeSecretRef points to secret in different namespace, operator will duplicate the secret to the same namespace as redpanda CRD to be able to mount it to the nodes' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' apiVersion: type: string description: API version of the referent. kind: type: string description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' fieldPath: type: string description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' resourceVersion: type: string description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' uid: type: string description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' requireClientAuth: type: boolean description: Enables two-way verification on the server side. If enabled, all Pandaproxy API clients are required to have a valid client certificate. rpcServer: type: object description: SocketAddress provide the way to configure the port properties: port: type: integer schemaRegistry: type: object description: SchemaRegistryAPI configures the schema registry API properties: port: type: integer description: Port will set the schema registry listener port in Redpanda configuration. If not set the default will be 8081 authenticationMethod: type: string description: 'AuthenticationMethod can enable authentication method per schema registry listener. Available options are: none, http_basic.' 
external: type: object description: External enables user to expose Redpanda nodes outside of a Kubernetes cluster. For more information please go to ExternalConnectivityConfig properties: subdomain: type: string description: Subdomain can be used to change the behavior of an advertised KafkaAPI. Each broker advertises Kafka API as follows ENDPOINT.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT. If Subdomain is empty then each broker advertises Kafka API as PUBLIC_NODE_IP:EXTERNAL_KAFKA_API_PORT. If TLS is enabled then this subdomain will be requested as a subject alternative name. bootstrapLoadBalancer: type: object description: Configures a load balancer for bootstrapping properties: annotations: type: object additionalProperties: type: string description: If specified, sets the load balancer service annotations. Example usage includes configuring the load balancer to be an internal one through provider-specific annotations. port: type: integer description: The port used to communicate to the load balancer. enabled: type: boolean description: Enabled enables the external connectivity feature endpoint: type: string description: Indicates the global endpoint that (together with subdomain), should be advertised for schema registry. endpointTemplate: type: string description: "EndpointTemplate is a Golang template string that allows customizing each broker advertised address. Redpanda uses the format BROKER_ID.SUBDOMAIN:EXTERNAL_KAFKA_API_PORT by default for advertised addresses. When an EndpointTemplate is provided, then the BROKER_ID part is replaced with the endpoint computed from the template. The following variables are available to the template: - Index: the Redpanda broker progressive number - HostIP: the ip address of the Node, as reported in pod status \n Common template functions from Sprig (http://masterminds.github.io/sprig/) are also available. The set of available functions is limited to hermetic functions because template application needs to be deterministic." 
preferredAddressType: type: string description: The preferred address type to be assigned to the external advertised addresses. The valid types are ExternalDNS, ExternalIP, InternalDNS, InternalIP, and Hostname. When the address of the preferred type is not found the advertised addresses remains empty. The default preferred address type is ExternalIP. This option only applies when Subdomain is empty. staticNodePort: type: boolean description: Indicates that the node port for the service needs not to be generated. tls: type: object description: TLS is the configuration for schema registry properties: enabled: type: boolean issuerRef: type: object description: References cert-manager Issuer or ClusterIssuer. When provided, this issuer will be used to issue node certificates. Typically you want to provide the issuer when a generated self-signed one is not enough and you need to have a verifiable chain with a proper CA certificate. properties: name: type: string description: Name of the resource being referred to. kind: type: string description: Kind of the resource being referred to. group: type: string description: Group of the resource being referred to. required: - name nodeSecretRef: type: object description: 'If provided, operator uses certificate in this secret instead of issuing its own node certificate. The secret is expected to provide the following keys: ''ca.crt'', ''tls.key'' and ''tls.crt'' If NodeSecretRef points to secret in different namespace, operator will duplicate the secret to the same namespace as redpanda CRD to be able to mount it to the nodes' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' apiVersion: type: string description: API version of the referent. 
kind: type: string description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' fieldPath: type: string description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' resourceVersion: type: string description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' uid: type: string description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' requireClientAuth: type: boolean description: Enables two-way verification on the server side. If enabled, all SchemaRegistry clients are required to have a valid client certificate. required: - port dnsTrailingDotDisabled: type: boolean description: DNSTrailingDotDisabled gives ability to turn off the fully-qualified DNS name. http://www.dns-sd.org/trailingdotsindomainnames.html enableSasl: type: boolean description: 'SASL enablement flag Deprecated: replaced by "kafkaEnableAuthorization"' kafkaEnableAuthorization: type: boolean description: "Enable authorization for Kafka connections. Values are: \n - `nil`: Ignored. 
Authorization is enabled with `enable_sasl: true` \n - `true`: authorization is required \n - `false`: authorization is disabled; \n See also `enableSasl` and `configuration.kafkaApi[].authenticationMethod`" licenseRef: type: object description: If key is not provided in the SecretRef, Secret data should have key "license" properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' key: type: string description: Key in Secret data to get value from required: - name - namespace podDisruptionBudget: type: object description: PodDisruptionBudget specifies whether PDB resource should be created for the cluster and how should it be configured. By default this is enabled and defaults to MaxUnavailable=1 properties: enabled: type: boolean description: Enabled specifies whether PDB should be generated for the cluster. It defaults to true maxUnavailable: anyOf: - type: integer - type: string description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable". This property defaults to 1. you can read more in https://kubernetes.io/docs/tasks/run-application/configure-pdb/ x-kubernetes-int-or-string: true minAvailable: anyOf: - type: integer - type: string description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%". This is a mutually exclusive setting with "maxUnavailable". 
you can read more in https://kubernetes.io/docs/tasks/run-application/configure-pdb/ x-kubernetes-int-or-string: true restartConfig: type: object description: RestartConfig allows to control the behavior of the cluster when restarting properties: disableMaintenanceModeHooks: type: boolean description: DisableMaintenanceModeHooks deactivates the preStop and postStart hooks that force nodes to enter maintenance mode when stopping and exit maintenance mode when up again sidecars: type: object description: Sidecars is list of sidecars run alongside redpanda container properties: rpkStatus: type: object description: RpkStatus is sidecar running rpk status collecting status information from the running node properties: resources: type: object description: Resources are resource requirements and limits for the container running this sidecar. For the default sidecars this is defaulted properties: limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' enabled: type: boolean description: Enabled if false, the sidecar won't be added to the pod running redpanda node storage: type: object description: Storage spec for cluster properties: capacity: anyOf: - type: integer - type: string description: Storage capacity requested pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true storageClassName: type: string description: Storage class name - https://kubernetes.io/docs/concepts/storage/storage-classes/ superUsers: type: array description: List of superusers items: type: object description: Superuser has full access to the Redpanda cluster properties: username: type: string required: - username version: type: string description: Version is the Redpanda container tag required: - resources status: type: object description: ClusterStatus defines the observed state of Cluster properties: replicas: type: integer description: Replicas show how many nodes have been created for the cluster format: int32 conditions: type: array description: Current state of the cluster. 
items: type: object description: ClusterCondition contains details for the current conditions of the cluster properties: type: type: string description: Type is the type of the condition enum: - ClusterConfigured status: type: string description: Status is the status of the condition lastTransitionTime: type: string description: Last time the condition transitioned from one status to another format: date-time message: type: string description: Human-readable message indicating details about last transition reason: type: string description: Unique, one-word, CamelCase reason for the condition's last transition required: - status - type currentReplicas: type: integer description: CurrentReplicas is the number of Pods that the controller currently wants to run for the cluster. format: int32 decommissioningNode: type: integer description: Indicates that a node is currently being decommissioned from the cluster and provides its ordinal number format: int32 nodes: type: object description: Nodes of the provisioned redpanda nodes properties: external: type: array items: type: string externalAdmin: type: array items: type: string externalBootstrap: type: object description: LoadBalancerStatus reports the load balancer status as generated by the load balancer core service properties: ingress: type: array description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. items: type: object description: 'LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' 
properties: hostname: type: string description: Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) ports: type: array description: Ports is a list of records of service ports If used, every port defined in the service should have an entry in it items: type: object properties: protocol: type: string default: TCP description: 'Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP"' port: type: integer description: Port is the port number of the service port of which status is recorded here format: int32 error: type: string description: 'Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. --- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ required: - port - protocol x-kubernetes-list-type: atomic ip: type: string description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) externalPandaproxy: type: array items: type: string internal: type: array items: type: string pandaproxyIngress: type: string schemaRegistry: type: object description: SchemaRegistryStatus reports addresses where schema registry can be reached properties: external: type: string description: "External address should be registered in DNS provider using all public IP of a nodes that Redpanda is scheduled on. \n The External is empty when subdomain is not provided." 
externalNodeIPs: type: array description: ExternalNodeIPs is only filled when the Schema Registry external connectivity feature flag is enabled, but the subdomain is empty. This gives user ability to register all addresses individually in DNS provider of choice. items: type: string internal: type: string readyReplicas: type: integer description: ReadyReplicas is the number of Pods belonging to the cluster that have a Ready Condition. format: int32 restarting: type: boolean description: Indicates that a cluster is restarting due to an upgrade or a different reason upgrading: type: boolean description: 'Indicates cluster is upgrading. Deprecated: replaced by "restarting"' version: type: string description: Current version of the cluster. served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: consoles.redpanda.vectorized.io annotations: controller-gen.kubebuilder.io/version: v0.4.1 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: redpanda-system pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} spec: group: redpanda.vectorized.io names: kind: Console listKind: ConsoleList plural: consoles singular: console scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: type: object description: Console is the Schema for the consoles API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ConsoleSpec defines the desired state of Console Most of the fields here are copied from Console config REF https://github.com/redpanda-data/console/blob/master/backend/pkg/api/config.go properties: cloud: type: object description: Cloud contains configurations for Redpanda cloud. If you're running a self-hosted installation, you can ignore this properties: prometheusEndpoint: type: object description: PrometheusEndpointConfig configures the Prometheus endpoint that shall be exposed in Redpanda Cloud so that users can scrape this URL to collect their dataplane's metrics in their own time-series database. properties: basicAuth: type: object description: BasicAuthConfig are credentials that will be required by the user in order to scrape the endpoint properties: passwordRef: type: object description: SecretKeyRef contains enough information to inspect or modify the referred Secret data REF https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' key: type: string description: Key in Secret data to get value from required: - name - namespace username: type: string required: - passwordRef - username enabled: type: boolean prometheus: type: object description: PrometheusConfig is configuration of prometheus instance properties: address: type: string description: Address to Prometheus endpoint jobs: type: array description: Jobs is the list of Prometheus Jobs that we want to discover so that we can then scrape the discovered targets ourselves. items: type: object description: PrometheusScraperJobConfig is the configuration object that determines what Prometheus targets we should scrape. properties: jobName: type: string description: JobName refers to the Prometheus job name whose discovered targets we want to scrape keepLabels: type: array description: KeepLabels is a list of label keys that are added by Prometheus when scraping the target and should remain for all metrics as exposed to the Prometheus endpoint. items: type: string required: - jobName - keepLabels targetRefreshInterval: type: string default: 10s required: - address - jobs responseCacheDuration: type: string default: 1s format: duration required: - enabled - prometheus required: - prometheusEndpoint clusterRef: type: object description: The referenced Redpanda Cluster properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' required: - name - namespace connect: type: object description: Connect defines configurable fields for Kafka Connect properties: clusters: type: array items: type: object description: ConnectCluster defines configurable fields for the Kafka Connect cluster properties: name: type: string basicAuthRef: type: object description: BasicAuthRef configures basic auth credentials referenced by Secret Expects to have keys "username", "password" properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' apiVersion: type: string description: API version of the referent. kind: type: string description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' fieldPath: type: string description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' resourceVersion: type: string description: 'Specific resourceVersion to which this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' uid: type: string description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' tls: type: object description: TLS configures mTLS auth properties: secretKeyRef: type: object description: SecretKeyRef configures certificate used for mTLS auth referenced by Secret Expects to have keys "tls.crt", "tls.key", "ca.crt" properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' apiVersion: type: string description: API version of the referent. kind: type: string description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' fieldPath: type: string description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' resourceVersion: type: string description: 'Specific resourceVersion to which this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' uid: type: string description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' enabled: type: boolean insecureSkipTlsVerify: type: boolean tokenRef: type: object description: TokenRef configures token header auth referenced by Secret Expects to have key "token" properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' apiVersion: type: string description: API version of the referent. kind: type: string description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' fieldPath: type: string description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' resourceVersion: type: string description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' uid: type: string description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' url: type: string required: - name - url connectTimeout: type: string default: 15s format: duration enabled: type: boolean readTimeout: type: string default: 60s format: duration requestTimeout: type: string default: 6s format: duration deployment: type: object description: Deployment defines configurable fields for the Console Deployment resource properties: replicas: type: integer default: 1 format: int32 image: type: string maxSurge: type: integer default: 1 format: int32 maxUnavailable: type: integer default: 0 format: int32 required: - image enterprise: type: object description: Enterprise defines configurable fields for features that require license properties: rbac: type: object description: Console uses role-based access control (RBAC) to restrict system access to authorized users properties: enabled: type: boolean roleBindingsRef: type: object description: RoleBindingsRef is the ConfigMap that contains the RBAC file The ConfigMap should contain "rbac.yaml" key properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' required: - enabled - roleBindingsRef required: - rbac ingress: type: object description: Ingress contains configuration for the Console ingress. properties: annotations: type: object additionalProperties: type: string description: Optional annotations for the generated ingress. enabled: type: boolean description: Indicates if ingress is enabled (true when unspecified). endpoint: type: string description: If present, it's appended to the subdomain to form the ingress hostname. 
licenseRef: type: object description: If you don't provide an enterprise license, Console ignores configurations for enterprise features REF https://docs.redpanda.com/docs/console/reference/config/ If key is not provided in the SecretRef, Secret data should have key "license" properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' key: type: string description: Key in Secret data to get value from required: - name - namespace login: type: object description: Login contains all configurations in order to protect Console with a login screen Configure one or more of the below identity providers in order to support SSO This feature requires an Enterprise license REF https://docs.redpanda.com/docs/console/single-sign-on/identity-providers/google/ properties: enabled: type: boolean google: type: object description: EnterpriseLoginGoogle defines configurable fields for Google provider properties: clientCredentialsRef: type: object description: ClientCredentials is the Secret that contains SSO credentials The Secret should contain keys "clientId", "clientSecret" properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' required: - name - namespace directory: type: object description: Use Google groups in your RBAC role bindings. 
properties: serviceAccountRef: type: object description: ServiceAccountRef is the ConfigMap that contains the Google Service Account json The ConfigMap should contain "sa.json" key properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' targetPrincipal: type: string description: TargetPrincipal is the user that shall be impersonated by the service account required: - serviceAccountRef - targetPrincipal enabled: type: boolean required: - clientCredentialsRef - enabled jwtSecretRef: type: object description: JWTSecret is the Secret that is used to sign and encrypt the JSON Web tokens that are used by the backend for session management If not provided, the default key is "jwt" properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' key: type: string description: Key in Secret data to get value from required: - name - namespace redpandaCloud: type: object description: EnterpriseLoginRedpandaCloud defines configurable fields for RedpandaCloud SSO provider properties: allowedOrigins: type: array description: AllowedOrigins indicates if response is allowed from given origin items: type: string audience: type: string description: Audience is the domain where this auth is intended for domain: type: string description: Domain is the domain of the auth server enabled: type: boolean required: - audience - domain - enabled required: - enabled - jwtSecretRef metricsNamespace: type: string default: console description: Prefix for all exported prometheus metrics redpanda: type: object description: Redpanda contains configurations that are Redpanda specific properties: adminApi: type: object description: RedpandaAdmin defines API configuration that enables additional features that are Redpanda specific properties: enabled: type: boolean required: - enabled schema: type: object description: Schema defines configurable fields for Schema Registry properties: enabled: type: boolean required: - enabled serveFrontend: type: boolean default: true description: Only relevant for developers, who might want to run the frontend separately server: type: object description: Server is the Console app HTTP server config REF https://github.com/cloudhut/common/blob/b601d681e8599cee4255899def813142c0218e8b/rest/config.go properties: basePath: type: string description: Sets the subpath (root prefix) under which Kowl is reachable. If you want to host Kowl under 'your.domain.com/kowl/' you'd set the base path to 'kowl/'. The default is an empty string which makes Kowl reachable under just 'domain.com/'. 
When using this setting (or letting the 'X-Forwarded-Prefix' header set it for you) remember to either leave 'strip-prefix' enabled, or use a proxy that can strip the base-path/prefix before it reaches Kowl. compressionLevel: type: integer default: 4 description: 'Compression level applied to all http responses. Valid values are: 0-9 (0=completely disable compression middleware, 1=weakest compression, 9=best compression)' gracefulShutdownTimeout: type: string default: 30s description: Timeout for graceful shutdowns format: duration idleTimeout: type: string default: 30s description: Idle timeout for HTTP server format: duration listenAddress: type: string description: HTTP server listen address listenPort: type: integer default: 8080 description: HTTP server listen port readTimeout: type: string default: 30s description: Read timeout for HTTP server format: duration setBasePathFromXForwardedPrefix: type: boolean default: true description: server.set-base-path-from-x-forwarded-prefix", true, "When set to true, Kowl will use the 'X-Forwarded-Prefix' header as the base path. (When enabled the 'base-path' setting won't be used) stripPrefix: type: boolean default: true description: If a base-path is set (either by the 'base-path' setting, or by the 'X-Forwarded-Prefix' header), they will be removed from the request url. You probably want to leave this enabled, unless you are using a proxy that can remove the prefix automatically (like Traefik's 'StripPrefix' option) writeTimeout: type: string default: 30s description: Write timeout for HTTP server format: duration required: - clusterRef - connect - deployment - schema status: type: object description: ConsoleStatus defines the observed state of Console properties: configMapRef: type: object description: The ConfigMap used by Console This is used to pass the ConfigMap used to mount in the Deployment Resource since Ensure() only returns error properties: name: type: string description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' namespace: type: string description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' apiVersion: type: string description: API version of the referent. kind: type: string description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' fieldPath: type: string description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' resourceVersion: type: string description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' uid: type: string description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' connectivity: type: object description: Connectivity defines internal/external hosts properties: external: type: string internal: type: string observedGeneration: type: integer description: The generation observed by the controller format: int64 served: true storage: true subresources: status: {} --- # permissions to do leader election. 
# Namespaced Role used for controller leader election in redpanda-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: redpanda-leader-election-role
  namespace: redpanda-system
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: redpanda-system
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
  # One rule lists two resources and two apiGroups. RBAC matches any listed
  # resource in any listed group, so this covers core configmaps and
  # coordination.k8s.io leases with full read/write/delete in this namespace.
  - resources:
      - configmaps
      - leases
    apiGroups:
      - ""
      - coordination.k8s.io
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Events can be written but not read back.
  - resources:
      - events
    apiGroups:
      - ""
    verbs:
      - create
      - patch
---
# ClusterRole for the operator. It is attached further down through a
# ClusterRoleBinding (redpanda-manager-rolebinding), so every rule here
# applies in all namespaces, not only redpanda-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: redpanda-manager-role
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: redpanda-system
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
  - resources:
      - events
    apiGroups:
      - ""
    verbs:
      - create
      - get
      - list
      - patch
      - update
      - watch
  # NOTE(review): ConfigMaps are served from the core ("") group, which a
  # later rule already covers; this "apps" entry appears to grant nothing.
  - resources:
      - configmaps
    apiGroups:
      - apps
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - resources:
      - deployments
    apiGroups:
      - apps
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - resources:
      - statefulsets
    apiGroups:
      - apps
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Full management of cert-manager objects, including the cluster-scoped
  # ClusterIssuer.
  - resources:
      - certificates
      - clusterissuers
      - issuers
    apiGroups:
      - cert-manager.io
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - resources:
      - configmaps
    apiGroups:
      - ""
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Read-only on nodes.
  - resources:
      - nodes
    apiGroups:
      - ""
    verbs:
      - get
      - list
      - watch
  # PVCs can be read and deleted, not created or modified.
  - resources:
      - persistentvolumeclaims
    apiGroups:
      - ""
    verbs:
      - delete
      - get
      - list
      - watch
  - resources:
      - pods
    apiGroups:
      - ""
    verbs:
      - delete
      - get
      - list
      - update
      - watch
  - resources:
      - pods/finalizers
    apiGroups:
      - ""
    verbs:
      - update
  # get/list/watch on Secrets through a ClusterRoleBinding exposes Secret
  # contents in every namespace to whichever identity holds this role.
  # No delete or patch is granted.
  - resources:
      - secrets
    apiGroups:
      - ""
    verbs:
      - create
      - get
      - list
      - update
      - watch
  - resources:
      - serviceaccounts
    apiGroups:
      - ""
    verbs:
      - create
      - get
      - list
      - patch
      - update
      - watch
  - resources:
      - services
    apiGroups:
      - ""
    verbs:
      - create
      - get
      - list
      - patch
      - update
      - watch
  - resources:
      - ingresses
    apiGroups:
      - networking.k8s.io
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - resources:
      - poddisruptionbudgets
    apiGroups:
      - policy
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # The holder can create and modify cluster-wide RBAC objects. The
  # "escalate" and "bind" verbs are not listed, so the API server's
  # escalation check should limit new grants to permissions this role
  # already carries. That ceiling is still wide, given the rules above.
  - resources:
      - clusterrolebindings
      - clusterroles
    apiGroups:
      - rbac.authorization.k8s.io
    verbs:
      - create
      - get
      - list
      - patch
      - update
      - watch
  # Custom resources defined by the CRDs earlier in this file.
  - resources:
      - clusters
    apiGroups:
      - redpanda.vectorized.io
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - resources:
      - clusters/finalizers
    apiGroups:
      - redpanda.vectorized.io
    verbs:
      - update
  - resources:
      - clusters/status
    apiGroups:
      - redpanda.vectorized.io
    verbs:
      - get
      - patch
      - update
  - resources:
      - consoles
    apiGroups:
      - redpanda.vectorized.io
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - resources:
      - consoles/finalizers
    apiGroups:
      - redpanda.vectorized.io
    verbs:
      - update
  - resources:
      - consoles/status
    apiGroups:
      - redpanda.vectorized.io
    verbs:
      - get
      - patch
      - update
---
# Grants GET on the non-resource URL /metrics only. None of the bindings
# shown in this section reference this role.
# NOTE(review): confirm which scraper identity is expected to bind to it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: redpanda-metrics-reader
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: redpanda-system
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]
---
# Lets the holder submit TokenReview and SubjectAccessReview requests, i.e.
# ask the API server to authenticate a token and to evaluate an authorization
# decision. Presumably for the kube-rbac-proxy container in the controller
# Deployment; confirm against that pod spec.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: redpanda-proxy-role
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: redpanda-system
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
rules:
  - resources:
      - tokenreviews
    apiGroups: ["authentication.k8s.io"]
    verbs: ["create"]
  - resources:
      - subjectaccessreviews
    apiGroups: ["authorization.k8s.io"]
    verbs: ["create"]
---
# Binds the leader-election Role inside redpanda-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: redpanda-leader-election-rolebinding
  namespace: redpanda-system
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: redpanda-system
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
roleRef:
  name: redpanda-leader-election-role
  kind: Role
  apiGroup: rbac.authorization.k8s.io
subjects:
  # The subject is the namespace's "default" ServiceAccount, the identity a
  # pod gets when its spec sets no serviceAccountName.
  - name: default
    namespace: redpanda-system
    kind: ServiceAccount
---
# Cluster-wide binding of redpanda-manager-role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: redpanda-manager-rolebinding
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: redpanda-system
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
roleRef:
  name: redpanda-manager-role
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
  # NOTE(review): the manager role, including cluster-wide Secret read and
  # RBAC object management, goes to the "default" ServiceAccount. Any pod
  # scheduled into redpanda-system without an explicit serviceAccountName
  # inherits it. A dedicated ServiceAccount referenced only by the controller
  # Deployment would narrow this; the Deployment's pod spec is not fully
  # visible here, so confirm what it runs as before changing the subject.
  - name: default
    namespace: redpanda-system
    kind: ServiceAccount
---
# Cluster-wide binding of redpanda-proxy-role, again to the "default"
# ServiceAccount of redpanda-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: redpanda-proxy-rolebinding
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: redpanda-system
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
roleRef:
  name: redpanda-proxy-role
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
  - name: default
    namespace: redpanda-system
    kind: ServiceAccount
---
# Controller-manager configuration, stored as an embedded YAML document.
# The embedded config binds the metrics listener to 127.0.0.1:8080 (loopback
# only), the health probe listener to :8081 (no host part, so all
# interfaces), and the webhook server to port 9443. Leader election is
# enabled and uses the resource name aa9fc693.vectorized.io.
apiVersion: v1
kind: ConfigMap
metadata:
  name: redpanda-manager-config
  namespace: redpanda-system
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: redpanda-system
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
data:
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    leaderElection:
      leaderElect: true
      resourceName: aa9fc693.vectorized.io
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
--- apiVersion: v1 kind: Service metadata: name:
redpanda-controller-manager-metrics-service namespace: redpanda-system labels: control-plane: controller-manager annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: redpanda-system pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: selector: control-plane: controller-manager ports: - name: https port: 8443 targetPort: https --- apiVersion: apps/v1 kind: Deployment metadata: name: redpanda-controller-manager namespace: redpanda-system labels: control-plane: controller-manager annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: redpanda-system pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: replicas: 1 selector: matchLabels: control-plane: controller-manager template: metadata: labels: control-plane: controller-manager annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: redpanda-system pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: terminationGracePeriodSeconds: 10 containers: - name: kube-rbac-proxy image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 args: - 
"--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" - "--logtostderr=true" - "--v=10" ports: - name: https containerPort: 8443 - name: manager image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/index.docker.io/vectorized/redpanda-operator:v22.3.9 command: - /manager args: - "--health-probe-bind-address=:8081" - "--metrics-bind-address=127.0.0.1:8080" - "--leader-elect" resources: limits: cpu: "100m" memory: 128Mi requests: cpu: 100m memory: 100Mi livenessProbe: httpGet: port: 8081 path: /healthz initialDelaySeconds: 15 periodSeconds: 20 readinessProbe: httpGet: port: 8081 path: /readyz initialDelaySeconds: 5 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false imagePullPolicy: IfNotPresent securityContext: runAsUser: 65532 affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 preference: matchExpressions: - key: node.ncr.com/class operator: In values: - server