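---
# Namespace that hosts the Config Connector operator workload and its
# ServiceAccount. Listing restored to parseable YAML (viewer line numbers and
# lost indentation removed).
#
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod
# Security admission falls back to the cluster default for this namespace.
# The only workload visible in this file already runs non-root with a
# RuntimeDefault seccomp profile; confirm whether an explicit
# pod-security.kubernetes.io/enforce label fits your cluster before adding one.
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    # Quoted so the version is always read as a string.
    cnrm.cloud.google.com/operator-version: "1.106.0"
  labels:
    cnrm.cloud.google.com/operator-system: "true"
  name: configconnector-operator-system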
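---
# CustomResourceDefinition for ConfigConnectorContext (namespaced).
# One object of this kind per namespace tells Config Connector which Google
# Service Account to use for that namespace. Listing restored to parseable
# YAML (viewer line numbers and lost indentation removed); schema content is
# unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
    controller-gen.kubebuilder.io/version: v0.10.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/operator-system: "true"
  name: configconnectorcontexts.core.cnrm.cloud.google.com
spec:
  group: core.cnrm.cloud.google.com
  names:
    kind: ConfigConnectorContext
    listKind: ConfigConnectorContextList
    plural: configconnectorcontexts
    singular: configconnectorcontext
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'true' the most recent reconcile of the ConfigConnectorContext
        object succeeded
      jsonPath: .status.healthy
      name: Healthy
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: ConfigConnectorContext is the Schema for the ConfigConnectorContexts
          API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ConfigConnectorContextSpec defines the desired state of ConfigConnectorContext
            properties:
              billingProject:
                description: Specifies the project to use for preconditions, quota
                  and billing. Should only be used when requestProjectPolicy is set
                  to BILLING_PROJECT.
                type: string
              # Security-relevant: this value selects the Google identity used
              # for every resource in the namespace. The schema validates it
              # only as a free-form string, so write access to this kind is
              # best limited to whoever administers the namespace's cloud
              # identity.
              googleServiceAccount:
                description: The Google Service Account to be used by Config Connector
                  to authenticate with Google Cloud APIs in the associated namespace.
                type: string
              requestProjectPolicy:
                description: Specifies which project to use for preconditions, quota,
                  and billing for requests made to Google Cloud APIs for resources
                  in the associated namespace. Must be one of 'SERVICE_ACCOUNT_PROJECT',
                  'RESOURCE_PROJECT', or 'BILLING_PROJECT. Defaults to 'SERVICE_ACCOUNT_PROJECT'.
                  If set to 'SERVICE_ACCOUNT_PROJECT', uses the project that the Google
                  Service Account belongs to. If set to 'RESOURCE_PROJECT', uses the
                  project that the resource belongs to. If set to 'BILLING_PROJECT',
                  uses the project specified by spec.billingProject.
                enum:
                - SERVICE_ACCOUNT_PROJECT
                - RESOURCE_PROJECT
                - BILLING_PROJECT
                type: string
            required:
            - googleServiceAccount
            type: object
          status:
            description: ConfigConnectorContextStatus defines the observed state of
              ConfigConnectorContext
            properties:
              errors:
                items:
                  type: string
                type: array
              healthy:
                type: boolean
              phase:
                type: string
            required:
            - healthy
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # status is a separate subresource, so status writes are authorised
    # independently of spec writes.
    subresources:
      status: {}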
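---
# CustomResourceDefinition for ConfigConnector (cluster-scoped).
# Holds the operator-wide settings: the run mode and, in cluster mode, the
# credential source. Listing restored to parseable YAML (viewer line numbers
# and lost indentation removed); schema content is unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
    controller-gen.kubebuilder.io/version: v0.10.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/operator-system: "true"
  name: configconnectors.core.cnrm.cloud.google.com
spec:
  group: core.cnrm.cloud.google.com
  names:
    kind: ConfigConnector
    listKind: ConfigConnectorList
    plural: configconnectors
    singular: configconnector
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'true' the most recent reconcile of the ConfigConnector object
        succeeded
      jsonPath: .status.healthy
      name: Healthy
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: ConfigConnector is the Schema for the configconnectors API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            # Credential/mode validation:
            #   branch 1 - mode 'cluster' with exactly one of
            #              credentialSecretName / googleServiceAccount;
            #   branch 2 - mode 'namespaced' with neither of them.
            # NOTE(review): neither branch lists `mode` as required, so a spec
            # that omits `mode` passes whichever branch matches its credential
            # fields. How the operator treats that case is not visible here.
            anyOf:
            - oneOf:
              - not:
                  required:
                  - googleServiceAccount
                required:
                - credentialSecretName
              - not:
                  required:
                  - credentialSecretName
                required:
                - googleServiceAccount
              properties:
                mode:
                  enum:
                  - cluster
            - not:
                anyOf:
                - required:
                  - googleServiceAccount
                - required:
                  - credentialSecretName
              properties:
                mode:
                  enum:
                  - namespaced
            description: ConfigConnectorSpec defines the desired state of ConfigConnector
            properties:
              # Names a Secret holding a service account key, i.e. a long-lived
              # credential stored in the cluster. The description below
              # recommends `googleServiceAccount` with Workload Identity on GKE
              # instead; where a key must be used, restrict read access to that
              # Secret and rotate the key.
              credentialSecretName:
                description: The Kubernetes secret that contains the Google Service
                  Account Key's credentials to be used by ConfigConnector to authenticate
                  with Google Cloud APIs. This field is used only when in cluster
                  mode. It's recommended to use `googleServiceAccount` when running
                  ConfigConnector in Google Kubernetes Engine (GKE) clusters with
                  Workload Identity enabled. This field cannot be specified together
                  with `credentialSecretName`.
                type: string
              googleServiceAccount:
                description: The Google Service Account to be used by Config Connector
                  to authenticate with Google Cloud APIs. This field is used only
                  when running in cluster mode with Workload Identity enabled. See
                  Google Kubernetes Engine (GKE) workload-identity (https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity)
                  for details. This field cannot be specified together with `credentialSecretName`.
                  For namespaced mode, use `googleServiceAccount` in ConfigConnectorContext
                  CRD to specify the Google Service Account to be used to authenticate
                  with Google Cloud APIs per namespace.
                type: string
              # Cluster mode means one Google identity for every namespace;
              # namespaced mode allows a separate identity per namespace, which
              # keeps the reach of any single identity smaller.
              mode:
                description: The mode that Config Connector will run in. This can
                  be either 'cluster' or 'namespaced'. The default is 'namespaced'.
                  Cluster mode uses a single Google Service Account to create and
                  manage resources, even if you are using Config Connector to manage
                  multiple Projects. You must specify either `credentialSecretName`
                  or `googleServiceAccount` when in cluster mode, but not both. Namespaced
                  mode allows you to use different Google service accounts for different
                  Projects. When in namespaced mode, you must create a ConfigConnectorContext
                  object per namespace that you want to enable Config Connector in,
                  and each must set `googleServiceAccount` to specify the Google Service
                  Account to be used to authenticate with Google Cloud APIs for the
                  namespace.
                enum:
                - cluster
                - namespaced
                type: string
            type: object
          status:
            description: ConfigConnectorStatus defines the observed state of ConfigConnector
            properties:
              errors:
                items:
                  type: string
                type: array
              healthy:
                type: boolean
              phase:
                type: string
            required:
            - healthy
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}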
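---
# CustomResourceDefinition for ControllerResource (cluster-scoped, v1alpha1).
# Lets an administrator override CPU/memory requests and limits for the named
# Config Connector controller containers. Listing restored to parseable YAML
# (viewer line numbers and lost indentation removed); schema content is
# unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
    controller-gen.kubebuilder.io/version: v0.10.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/operator-system: "true"
  name: controllerresources.customize.core.cnrm.cloud.google.com
spec:
  group: customize.core.cnrm.cloud.google.com
  names:
    kind: ControllerResource
    listKind: ControllerResourceList
    plural: controllerresources
    singular: controllerresource
  scope: Cluster
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ControllerResource is the Schema for resource customization API
          for config connector controllers.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ControllerResourceSpec is the specification of the resource
              customization for containers of a config connector controller.
            properties:
              containers:
                description: The list of containers whose resource requirements to
                  be customized. Required
                items:
                  description: ContainerResourceSpec is the specification of the resource
                    customization for a container of a config connector controller.
                  properties:
                    # Closed list: only these container names can be customised.
                    name:
                      description: The name of the container whose resource requirements
                        will be customized. Required
                      enum:
                      - manager
                      - webhook
                      - deletiondefender
                      - prom-to-sd
                      - recorder
                      type: string
                    resources:
                      description: Resources specifies the resource customization
                        of this container. Required
                      properties:
                        # Values are Kubernetes quantities (integer or string
                        # matching the pattern below). The schema sets no upper
                        # or lower bound on them.
                        limits:
                          additionalProperties:
                            anyOf:
                            - type: integer
                            - type: string
                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                            x-kubernetes-int-or-string: true
                          description: 'Limits describes the maximum amount of compute
                            resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          type: object
                        requests:
                          additionalProperties:
                            anyOf:
                            - type: integer
                            - type: string
                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                            x-kubernetes-int-or-string: true
                          description: 'Requests describes the minimum amount of compute
                            resources required. If Requests is omitted for a container,
                            it defaults to Limits if that is explicitly specified,
                            otherwise to an implementation-defined value. More info:
                            https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          type: object
                      type: object
                  required:
                  - name
                  - resources
                  type: object
                type: array
            required:
            - containers
            type: object
          status:
            description: ControllerResourceStatus defines the observed state of ControllerResource.
            properties:
              errors:
                items:
                  type: string
                type: array
              healthy:
                type: boolean
              phase:
                type: string
            required:
            - healthy
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}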
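---
# ServiceAccount the operator pod runs as. The two ClusterRoleBindings in this
# file attach cluster-wide roles to it, so its token carries far more than
# namespace-local rights: control over who can create pods in, or read
# Secrets from, configconnector-operator-system is part of protecting it.
# Listing restored to parseable YAML (viewer line numbers and lost
# indentation removed).
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
  labels:
    cnrm.cloud.google.com/operator-system: "true"
  name: configconnector-operator
  namespace: configconnector-operator-system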
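---
# Read-only ClusterRole over every Config Connector resource group.
#
# The original listing carried 93 rules that differed only in apiGroup, each
# granting get/list/watch on '*'. They are merged into one rule here; RBAC
# evaluates apiGroups x resources x verbs, so the permissions granted are the
# same. Viewer line numbers and lost indentation are removed as well. The
# upstream generator emits one rule per group, so expect a textual diff
# against upstream on upgrade.
#
# Security notes:
# - The aggregate-to-view label folds these rules into the built-in `view`
#   ClusterRole, so every subject already bound to `view` can also read these
#   resources, including the iam, kms, secretmanager and resourcemanager
#   groups. Review who holds `view` before installing.
# - resources: '*' also covers subresources and any kind added to these groups
#   later.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
    cnrm.cloud.google.com/version: "1.106.0"
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/operator-system: "true"
    cnrm.cloud.google.com/system: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: configconnector-operator-cnrm-viewer
rules:
- apiGroups:
  - accesscontextmanager.cnrm.cloud.google.com
  - alloydb.cnrm.cloud.google.com
  - apigateway.cnrm.cloud.google.com
  - apigee.cnrm.cloud.google.com
  - appengine.cnrm.cloud.google.com
  - artifactregistry.cnrm.cloud.google.com
  - beyondcorp.cnrm.cloud.google.com
  - bigquery.cnrm.cloud.google.com
  - bigqueryanalyticshub.cnrm.cloud.google.com
  - bigqueryconnection.cnrm.cloud.google.com
  - bigquerydatapolicy.cnrm.cloud.google.com
  - bigquerydatatransfer.cnrm.cloud.google.com
  - bigqueryreservation.cnrm.cloud.google.com
  - bigtable.cnrm.cloud.google.com
  - billingbudgets.cnrm.cloud.google.com
  - binaryauthorization.cnrm.cloud.google.com
  - certificatemanager.cnrm.cloud.google.com
  - cloudasset.cnrm.cloud.google.com
  - cloudbuild.cnrm.cloud.google.com
  - cloudfunctions.cnrm.cloud.google.com
  - cloudfunctions2.cnrm.cloud.google.com
  - cloudidentity.cnrm.cloud.google.com
  - cloudids.cnrm.cloud.google.com
  - cloudiot.cnrm.cloud.google.com
  - cloudscheduler.cnrm.cloud.google.com
  - cloudtasks.cnrm.cloud.google.com
  - compute.cnrm.cloud.google.com
  - configcontroller.cnrm.cloud.google.com
  - container.cnrm.cloud.google.com
  - containeranalysis.cnrm.cloud.google.com
  - datacatalog.cnrm.cloud.google.com
  - dataflow.cnrm.cloud.google.com
  - dataform.cnrm.cloud.google.com
  - datafusion.cnrm.cloud.google.com
  - dataproc.cnrm.cloud.google.com
  - datastore.cnrm.cloud.google.com
  - datastream.cnrm.cloud.google.com
  - deploymentmanager.cnrm.cloud.google.com
  - dialogflow.cnrm.cloud.google.com
  - dialogflowcx.cnrm.cloud.google.com
  - dlp.cnrm.cloud.google.com
  - dns.cnrm.cloud.google.com
  - documentai.cnrm.cloud.google.com
  - essentialcontacts.cnrm.cloud.google.com
  - eventarc.cnrm.cloud.google.com
  - filestore.cnrm.cloud.google.com
  - firebase.cnrm.cloud.google.com
  - firebasedatabase.cnrm.cloud.google.com
  - firebasehosting.cnrm.cloud.google.com
  - firebasestorage.cnrm.cloud.google.com
  - firestore.cnrm.cloud.google.com
  - gkebackup.cnrm.cloud.google.com
  - gkehub.cnrm.cloud.google.com
  - healthcare.cnrm.cloud.google.com
  - iam.cnrm.cloud.google.com
  - iap.cnrm.cloud.google.com
  - identityplatform.cnrm.cloud.google.com
  - kms.cnrm.cloud.google.com
  - logging.cnrm.cloud.google.com
  - memcache.cnrm.cloud.google.com
  - mlengine.cnrm.cloud.google.com
  - monitoring.cnrm.cloud.google.com
  - networkconnectivity.cnrm.cloud.google.com
  - networkmanagement.cnrm.cloud.google.com
  - networksecurity.cnrm.cloud.google.com
  - networkservices.cnrm.cloud.google.com
  - notebooks.cnrm.cloud.google.com
  - orgpolicy.cnrm.cloud.google.com
  - osconfig.cnrm.cloud.google.com
  - oslogin.cnrm.cloud.google.com
  - privateca.cnrm.cloud.google.com
  - pubsub.cnrm.cloud.google.com
  - pubsublite.cnrm.cloud.google.com
  - recaptchaenterprise.cnrm.cloud.google.com
  - redis.cnrm.cloud.google.com
  - resourcemanager.cnrm.cloud.google.com
  - run.cnrm.cloud.google.com
  - secretmanager.cnrm.cloud.google.com
  - securitycenter.cnrm.cloud.google.com
  - servicedirectory.cnrm.cloud.google.com
  - servicenetworking.cnrm.cloud.google.com
  - serviceusage.cnrm.cloud.google.com
  - sourcerepo.cnrm.cloud.google.com
  - spanner.cnrm.cloud.google.com
  - sql.cnrm.cloud.google.com
  - storage.cnrm.cloud.google.com
  - storagetransfer.cnrm.cloud.google.com
  - tags.cnrm.cloud.google.com
  - tpu.cnrm.cloud.google.com
  - vertexai.cnrm.cloud.google.com
  - vpcaccess.cnrm.cloud.google.com
  - workflows.cnrm.cloud.google.com
  - workstations.cnrm.cloud.google.com
  resources:
  - '*'
  verbs:
  - get
  - list
  - watch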
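---
# ClusterRole held by the operator itself (bound cluster-wide to the
# configconnector-operator ServiceAccount elsewhere in this file).
# Listing restored to parseable YAML (viewer line numbers and lost
# indentation removed); the duplicated `events` entry in the first rule is
# dropped, which does not change the permissions granted.
#
# Security summary: taken together these rules are equivalent to
# cluster-admin: cluster-wide Secret read/write, RBAC write with `escalate`,
# and write access to admission webhooks and CRDs. Treat the ServiceAccount
# token accordingly, and in the API server audit log watch RBAC, Secret and
# webhook-configuration writes attributed to
# system:serviceaccount:configconnector-operator-system:configconnector-operator.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/operator-system: "true"
  name: configconnector-operator-manager-role
rules:
# Core resources, all namespaces. Includes full read/write on Secrets and
# ServiceAccounts cluster-wide, not only in the operator's own namespaces.
- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  - namespaces
  - secrets
  - serviceaccounts
  - services
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Pods are read-only.
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - list
  - watch
# Admission webhook registrations: write access here can change what every
# API request in the cluster is validated or mutated by.
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - mutatingwebhookconfigurations
  - validatingwebhookconfigurations
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Any CRD in the cluster, not only the cnrm ones (no resourceNames filter).
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Workloads in any namespace.
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - apps
  resources:
  - statefulsets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
  - deletecollection
# The operator's own API types.
- apiGroups:
  - core.cnrm.cloud.google.com
  resources:
  - configconnectors
  - configconnectorcontexts
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - core.cnrm.cloud.google.com
  resources:
  - configconnectors/status
  - configconnectorcontexts/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - core.cnrm.cloud.google.com
  resources:
  - configconnectors/finalizers
  verbs:
  - update
- apiGroups:
  - customize.core.cnrm.cloud.google.com
  resources:
  - controllerresources
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - customize.core.cnrm.cloud.google.com
  resources:
  - controllerresources/status
  verbs:
  - get
  - patch
  - update
# RBAC bindings, any name, any namespace.
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterrolebindings
  - rolebindings
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# RBAC roles, any name. `escalate` switches off the API server's check that a
# subject may only write role rules it already holds itself.
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  - roles
  verbs:
  - create
  - delete
  - escalate
  - get
  - list
  - patch
  - update
  - watch
# `bind` is limited to five named cnrm ClusterRoles. Because the rule above
# allows rewriting the contents of any ClusterRole, this name list does not
# bound the effective privilege of the operator.
- apiGroups:
  - rbac.authorization.k8s.io
  resourceNames:
  - cnrm-admin
  - cnrm-manager-cluster-role
  - cnrm-manager-ns-role
  - cnrm-recorder-role
  - cnrm-webhook-role
  resources:
  - clusterroles
  verbs:
  - bind
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch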
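---
# Binds the read-only cnrm viewer ClusterRole to the operator ServiceAccount
# for the whole cluster. Listing restored to parseable YAML (viewer line
# numbers and lost indentation removed).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
  labels:
    cnrm.cloud.google.com/operator-system: "true"
  name: configconnector-operator-cnrm-viewer-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: configconnector-operator-cnrm-viewer
subjects:
- kind: ServiceAccount
  name: configconnector-operator
  namespace: configconnector-operator-system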
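---
# Binds configconnector-operator-manager-role to the operator ServiceAccount
# for the whole cluster. That role includes cluster-wide Secret and RBAC
# write access, so this binding is the one to review when assessing what a
# leaked operator token could reach. Listing restored to parseable YAML
# (viewer line numbers and lost indentation removed).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
  labels:
    cnrm.cloud.google.com/operator-system: "true"
  name: configconnector-operator-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: configconnector-operator-manager-role
subjects:
- kind: ServiceAccount
  name: configconnector-operator
  namespace: configconnector-operator-system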
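---
# Service referenced by the operator StatefulSet's serviceName.
# Listing restored to parseable YAML (viewer line numbers and lost
# indentation removed).
apiVersion: v1
kind: Service
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
  labels:
    cnrm.cloud.google.com/operator-system: "true"
  name: configconnector-operator-service
  namespace: configconnector-operator-system
spec:
  ports:
  # No targetPort is given, so traffic is forwarded to port 443 on the pod.
  # NOTE(review): the operator container in this file declares no ports;
  # confirm whether anything listens on 443. If not, a NetworkPolicy denying
  # ingress to the operator pod costs nothing.
  - name: controller-manager
    port: 443
  selector:
    cnrm.cloud.google.com/component: configconnector-operator
    cnrm.cloud.google.com/operator-system: "true"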
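---
# StatefulSet that runs the Config Connector operator (single replica).
# Listing restored to parseable YAML (viewer line numbers and lost
# indentation removed). One value changed: capabilities.drop uses the
# canonical upper-case `ALL`.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  annotations:
    cnrm.cloud.google.com/operator-version: "1.106.0"
  labels:
    cnrm.cloud.google.com/component: configconnector-operator
    cnrm.cloud.google.com/operator-system: "true"
  name: configconnector-operator
  namespace: configconnector-operator-system
spec:
  replicas: 1
  selector:
    matchLabels:
      cnrm.cloud.google.com/component: configconnector-operator
      cnrm.cloud.google.com/operator-system: "true"
  serviceName: configconnector-operator-service
  template:
    metadata:
      annotations:
        cnrm.cloud.google.com/operator-version: "1.106.0"
      labels:
        cnrm.cloud.google.com/component: configconnector-operator
        cnrm.cloud.google.com/operator-system: "true"
    spec:
      containers:
      - args:
        - --local-repo=/configconnector-operator/channels
        command:
        - /configconnector-operator/manager
        # Supply chain: the image is referenced by tag, and with
        # imagePullPolicy Always the tag is re-resolved on every pod start.
        # This pod runs with a cluster-admin-equivalent ServiceAccount, so
        # pinning by digest (gcr.io/gke-release/cnrm/operator@sha256:<digest>,
        # placeholder) or enforcing image provenance at admission makes the
        # running code reproducible.
        image: gcr.io/gke-release/cnrm/operator:da9adb1
        imagePullPolicy: Always
        name: manager
        resources:
          # No CPU limit is set; memory is capped at 1Gi.
          limits:
            memory: 1Gi
          requests:
            cpu: 100m
            memory: 512Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            # Upper-case is the canonical spelling and the one the Pod
            # Security "restricted" profile matches on; the listing had `all`.
            - ALL
          runAsGroup: 1000
          runAsNonRoot: true
          runAsUser: 1000
          # NOTE(review): readOnlyRootFilesystem is not set. Confirm whether
          # the manager writes to its root filesystem before enabling it.
      enableServiceLinks: false
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      # The token of this ServiceAccount is mounted into the pod by default;
      # the operator needs it to call the API server.
      serviceAccountName: configconnector-operator
      terminationGracePeriodSeconds: 10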