From 68cf37d62015fd3e6026a66ad3128e7974275e96 Mon Sep 17 00:00:00 2001 From: Matt Knop Date: Mon, 19 Feb 2024 09:18:04 -0700 Subject: [PATCH 1/3] replaced listener.type with name --- controllers/cloud.redhat.com/providers/kafka/strimzi.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/controllers/cloud.redhat.com/providers/kafka/strimzi.go b/controllers/cloud.redhat.com/providers/kafka/strimzi.go index 20cc248cb..204742682 100644 --- a/controllers/cloud.redhat.com/providers/kafka/strimzi.go +++ b/controllers/cloud.redhat.com/providers/kafka/strimzi.go @@ -96,9 +96,9 @@ func (s *strimziProvider) Provide(app *crd.ClowdApp) error { s.Config.Kafka.Topics = []config.TopicConfig{} for _, listener := range kafkaResource.Status.Listeners { - if listener.Type != nil && *listener.Type == "tls" { + if listener.Name != nil && *listener.Name == "tls" { s.Config.Kafka.Brokers = append(s.Config.Kafka.Brokers, buildTLSBrokerConfig(listener, kafkaCACert)) - } else if listener.Type != nil && (*listener.Type == "plain" || *listener.Type == "tcp") { + } else if listener.Name != nil && (*listener.Name == "plain" || *listener.Name == "tcp") { s.Config.Kafka.Brokers = append(s.Config.Kafka.Brokers, buildTCPBrokerConfig(listener)) } } @@ -627,9 +627,9 @@ func (s *strimziProvider) configureListeners() error { s.Config.Kafka.Brokers = []config.BrokerConfig{} for _, listener := range kafkaResource.Status.Listeners { - if listener.Type != nil && *listener.Type == "tls" { + if listener.Name != nil && *listener.Name == "tls" { s.Config.Kafka.Brokers = append(s.Config.Kafka.Brokers, buildTLSBrokerConfig(listener, kafkaCACert)) - } else if listener.Type != nil && (*listener.Type == "plain" || *listener.Type == "tcp") { + } else if listener.Name != nil && (*listener.Name == "plain" || *listener.Name == "tcp") { s.Config.Kafka.Brokers = append(s.Config.Kafka.Brokers, buildTCPBrokerConfig(listener)) } } From 23e00dcaf82208da167f730d1c086e3bfbbd5945 Mon Sep 17 00:00:00 2001 From: Matt Knop Date: Mon, 19 Feb 2024 09:35:23 -0700 Subject: [PATCH 2/3] updated type to name for unit test --- controllers/cloud.redhat.com/suite_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/cloud.redhat.com/suite_test.go b/controllers/cloud.redhat.com/suite_test.go index 350bd96a9..5bb08c22c 100644 --- a/controllers/cloud.redhat.com/suite_test.go +++ b/controllers/cloud.redhat.com/suite_test.go @@ -158,7 +158,7 @@ func applyKafkaStatus(t *testing.T, ch chan int) { Namespace: "kafka", } host := "kafka-bootstrap.kafka.svc" - listenerType := "plain" + listenerName := "plain" kport := int32(9092) // this loop will run for 60sec max @@ -184,7 +184,7 @@ func applyKafkaStatus(t *testing.T, ch chan int) { Type: utils.StringPtr("Ready"), }}, Listeners: []strimzi.KafkaStatusListenersElem{{ - Type: &listenerType, + Name: &listenerName, Addresses: []strimzi.KafkaStatusListenersElemAddressesElem{{ Host: &host, Port: &kport, From 9c73c8210dcf0de59228c04847660b431e743d4b Mon Sep 17 00:00:00 2001 From: Pete Savage Date: Mon, 19 Feb 2024 18:50:28 +0000 Subject: [PATCH 3/3] fix(kafka/strimzi): Fixed failing kafka tests in suite test * Updated Kafka CRDs to latest in strimzi client go * `name` field was missing * Fixed a expected/actual flip in a test --- .../kafkaconnects.kafka.strimzi.io.yaml | 272 ++++-- .../crd/static/kafkas.kafka.strimzi.io.yaml | 799 +++++++++++++----- .../static/kafkatopics.kafka.strimzi.io.yaml | 30 +- .../static/kafkausers.kafka.strimzi.io.yaml | 183 +++- controllers/cloud.redhat.com/suite_test.go | 2 +- 5 files changed, 953 insertions(+), 333 deletions(-) diff --git a/config/crd/static/kafkaconnects.kafka.strimzi.io.yaml b/config/crd/static/kafkaconnects.kafka.strimzi.io.yaml index ebc340ca4..ebfdb0ccb 100644 --- a/config/crd/static/kafkaconnects.kafka.strimzi.io.yaml +++ b/config/crd/static/kafkaconnects.kafka.strimzi.io.yaml @@ -36,7 +36,7 @@ spec: type: integer - name: Ready description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" type: string schema: openAPIV3Schema: @@ -47,7 +47,7 @@ spec: properties: version: type: string - description: The Kafka Connect version. Defaults to {DefaultKafkaVersion}. Consult the user documentation to understand the process required to upgrade or downgrade the version. + description: "The Kafka Connect version. Defaults to {DefaultKafkaVersion}. Consult the user documentation to understand the process required to upgrade or downgrade the version." replicas: type: integer description: The number of pods in the Kafka Connect group. @@ -56,7 +56,7 @@ spec: description: The docker image for the pods. bootstrapServers: type: string - description: Bootstrap servers to connect to. This should be given as a comma separated list of __:‍__ pairs. + description: Bootstrap servers to connect to. This should be given as a comma separated list of __:__ pairs. tls: type: object properties: @@ -97,7 +97,7 @@ spec: description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. audience: type: string - description: OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request. + description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." certificateAndKey: type: object properties: @@ -131,9 +131,21 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. + connectTimeoutSeconds: + type: integer + description: "The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds." disableTlsHostnameVerification: type: boolean description: Enable or disable TLS hostname verification. Default value is `false`. + enableMetrics: + type: boolean + description: Enable or disable OAuth metrics. Default value is `false`. + httpRetries: + type: integer + description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries." + httpRetryPauseMs: + type: integer + description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request." maxTokenExpirySeconds: type: integer description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens. @@ -150,6 +162,9 @@ spec: - password - secretName description: Reference to the `Secret` which holds the password. + readTimeoutSeconds: + type: integer + description: "The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds." refreshToken: type: object properties: @@ -188,10 +203,11 @@ spec: type: string enum: - tls + - scram-sha-256 - scram-sha-512 - plain - oauth - description: Authentication type. Currently the only supported types are `tls`, `scram-sha-512`, and `plain`. `scram-sha-512` type uses SASL SCRAM-SHA-512 Authentication. `plain` type uses SASL PLAIN Authentication. `oauth` type uses SASL OAUTHBEARER Authentication. The `tls` type uses TLS Client Authentication. The `tls` type is supported only over TLS connections. + description: "Authentication type. Currently the supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, and 'oauth'. `scram-sha-256` and `scram-sha-512` types use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 Authentication, respectively. `plain` type uses SASL PLAIN Authentication. `oauth` type uses SASL OAUTHBEARER Authentication. The `tls` type uses TLS Client Authentication. The `tls` type is supported only over TLS connections." username: type: string description: Username used for the authentication. @@ -201,7 +217,7 @@ spec: config: x-kubernetes-preserve-unknown-fields: true type: object - description: 'The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols).' + description: "The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols)." resources: type: object properties: @@ -269,11 +285,11 @@ spec: description: A map of -XX options to the JVM. "-Xms": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xms option to to the JVM. "-Xmx": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xmx option to to the JVM. gcLoggingEnabled: type: boolean @@ -318,7 +334,7 @@ spec: enum: - inline - external - description: Logging type, must be either 'inline' or 'external'. + description: "Logging type, must be either 'inline' or 'external'." valueFrom: type: object properties: @@ -336,6 +352,19 @@ spec: required: - type description: Logging configuration for Kafka Connect. + clientRackInitImage: + type: string + description: The image of the init container used for initializing the `client.rack`. + rack: + type: object + properties: + topologyKey: + type: string + example: topology.kubernetes.io/zone + description: "A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2.0." + required: + - topologyKey + description: Configuration of the node label which will be used as the `client.rack` consumer configuration. tracing: type: object properties: @@ -343,7 +372,8 @@ spec: type: string enum: - jaeger - description: Type of the tracing used. Currently the only supported type is `jaeger` for Jaeger tracing. + - opentelemetry + description: Type of the tracing used. Currently the only supported types are `jaeger` for OpenTracing (Jaeger) tracing and `opentelemetry` for OpenTelemetry tracing. The OpenTracing (Jaeger) tracing is deprecated. required: - type description: The configuration of tracing in Kafka Connect. @@ -359,19 +389,35 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. deploymentStrategy: type: string enum: - RollingUpdate - Recreate - description: DeploymentStrategy which will be used for this Deployment. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. + description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. description: Template for Kafka Connect `Deployment`. + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + description: Template for Kafka Connect `StrimziPodSet` resource. pod: type: object properties: @@ -381,11 +427,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. imagePullSecrets: type: array @@ -394,7 +440,7 @@ spec: properties: name: type: string - description: List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." securityContext: type: object properties: @@ -446,13 +492,15 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 - description: The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." affinity: type: object properties: @@ -760,10 +808,10 @@ spec: description: The pod's tolerations. priorityClassName: type: string - description: The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}. + description: "The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}." schedulerName: type: string - description: The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." hostAliases: type: array items: @@ -776,6 +824,10 @@ spec: ip: type: string description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. enableServiceLinks: type: boolean description: Indicates whether information about services should be injected into Pod's environment variables. @@ -803,8 +855,18 @@ spec: matchLabels: x-kubernetes-preserve-unknown-fields: true type: object + matchLabelKeys: + type: array + items: + type: string maxSkew: type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -820,11 +882,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -832,7 +894,7 @@ spec: - SingleStack - PreferDualStack - RequireDualStack - description: Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer." ipFamilies: type: array items: @@ -840,8 +902,39 @@ spec: enum: - IPv4 - IPv6 - description: Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer." description: Template for Kafka Connect API `Service`. + headlessService: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + ipFamilyPolicy: + type: string + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer." + ipFamilies: + type: array + items: + type: string + enum: + - IPv4 + - IPv6 + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer." + description: Template for Kafka Connect headless `Service`. connectContainer: type: object properties: @@ -910,6 +1003,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -982,6 +1077,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -995,16 +1092,16 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. - description: Metadata to apply to the `PodDistruptionBugetTemplate` resource. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 - description: Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. + description: "Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1." description: Template for Kafka Connect `PodDisruptionBudget`. serviceAccount: type: object @@ -1015,11 +1112,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for the Kafka Connect service account. clusterRoleBinding: @@ -1031,11 +1128,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for the Kafka Connect ClusterRoleBinding. buildPod: @@ -1047,11 +1144,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. imagePullSecrets: type: array @@ -1060,7 +1157,7 @@ spec: properties: name: type: string - description: List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." securityContext: type: object properties: @@ -1112,13 +1209,15 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 - description: The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." affinity: type: object properties: @@ -1426,10 +1525,10 @@ spec: description: The pod's tolerations. priorityClassName: type: string - description: The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}. + description: "The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}." schedulerName: type: string - description: The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." hostAliases: type: array items: @@ -1442,6 +1541,10 @@ spec: ip: type: string description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. enableServiceLinks: type: boolean description: Indicates whether information about services should be injected into Pod's environment variables. @@ -1469,8 +1572,18 @@ spec: matchLabels: x-kubernetes-preserve-unknown-fields: true type: object + matchLabelKeys: + type: array + items: + type: string maxSkew: type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -1545,6 +1658,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -1558,12 +1673,15 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. - description: Metadata applied to the resource. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata to apply to the `PodDisruptionBudgetTemplate` resource. + pullSecret: + type: string + description: Container Registry Secret with the credentials for pulling the base image. description: Template for the Kafka Connect BuildConfig used to build new container images. The BuildConfig is used only on OpenShift. buildServiceAccount: type: object @@ -1574,14 +1692,30 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for the Kafka Connect Build service account. - description: Template for Kafka Connect and Kafka Connect S2I resources. The template allows users to specify how the `Deployment`, `Pods` and `Service` are generated. + jmxSecret: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + description: Template for Secret of the Kafka Connect Cluster JMX authentication. + description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Deployment`, `Pods` and `Service` are generated." externalConfiguration: type: object properties: @@ -1685,7 +1819,7 @@ spec: type: array items: type: string - description: 'Configures additional options which will be passed to the Kaniko executor when building the new Connect image. Allowed options are: --customPlatform, --insecure, --insecure-pull, --insecure-registry, --log-format, --log-timestamp, --registry-mirror, --reproducible, --single-snapshot, --skip-tls-verify, --skip-tls-verify-pull, --skip-tls-verify-registry, --verbosity, --snapshotMode, --use-new-run. These options will be used only on Kubernetes where the Kaniko executor is used. They will be ignored on OpenShift. The options are described in the link:https://github.com/GoogleContainerTools/kaniko[Kaniko GitHub repository^]. Changing this field does not trigger new build of the Kafka Connect image.' + description: "Configures additional options which will be passed to the Kaniko executor when building the new Connect image. Allowed options are: --customPlatform, --insecure, --insecure-pull, --insecure-registry, --log-format, --log-timestamp, --registry-mirror, --reproducible, --single-snapshot, --skip-tls-verify, --skip-tls-verify-pull, --skip-tls-verify-registry, --verbosity, --snapshotMode, --use-new-run. These options will be used only on Kubernetes where the Kaniko executor is used. They will be ignored on OpenShift. The options are described in the link:https://github.com/GoogleContainerTools/kaniko[Kaniko GitHub repository^]. Changing this field does not trigger new build of the Kafka Connect image." image: type: string description: The name of the image which will be built. Required. @@ -1719,34 +1853,49 @@ spec: properties: name: type: string - pattern: ^[a-z0-9][-_a-z0-9]*[a-z0-9]$ - description: 'The unique name of the connector plugin. Will be used to generate the path where the connector artifacts will be stored. The name has to be unique within the KafkaConnect resource. The name has to follow the following pattern: `^[a-z][-_a-z0-9]*[a-z]$`. Required.' + pattern: "^[a-z0-9][-_a-z0-9]*[a-z0-9]$" + description: "The unique name of the connector plugin. Will be used to generate the path where the connector artifacts will be stored. The name has to be unique within the KafkaConnect resource. The name has to follow the following pattern: `^[a-z][-_a-z0-9]*[a-z]$`. Required." artifacts: type: array items: type: object properties: + artifact: + type: string + description: Maven artifact id. Applicable to the `maven` artifact type only. fileName: type: string description: Name under which the artifact will be stored. + group: + type: string + description: Maven group id. Applicable to the `maven` artifact type only. + insecure: + type: boolean + description: "By default, connections using TLS are verified to check they are secure. The server certificate used must be valid, trusted, and contain the server name. By setting this option to `true`, all TLS verification is disabled and the artifact will be downloaded, even when the server is considered insecure." + repository: + type: string + description: Maven repository to download the artifact from. Applicable to the `maven` artifact type only. sha512sum: type: string - description: SHA512 checksum of the artifact. Optional. If specified, the checksum will be verified while building the new container. If not specified, the downloaded artifact will not be verified. + description: "SHA512 checksum of the artifact. Optional. If specified, the checksum will be verified while building the new container. If not specified, the downloaded artifact will not be verified. Not applicable to the `maven` artifact type. " type: type: string enum: - jar - tgz - zip + - maven - other - description: Artifact type. Currently, the supported artifact types are `tgz`, `jar`, and `zip`. + description: "Artifact type. Currently, the supported artifact types are `tgz`, `jar`, `zip`, `other` and `maven`." url: type: string - pattern: ^(https?|ftp)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|] - description: URL of the artifact which will be downloaded. Strimzi does not do any security scanning of the downloaded artifacts. For security reasons, you should first verify the artifacts manually and configure the checksum verification to make sure the same artifact is used in the automated build. Required. + pattern: "^(https?|ftp)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]$" + description: "URL of the artifact which will be downloaded. Strimzi does not do any security scanning of the downloaded artifacts. For security reasons, you should first verify the artifacts manually and configure the checksum verification to make sure the same artifact is used in the automated build. Required for `jar`, `zip`, `tgz` and `other` artifacts. Not applicable to the `maven` artifact type." + version: + type: string + description: Maven version number. Applicable to the `maven` artifact type only. required: - type - - url description: List of artifacts which belong to this connector plugin. Required. required: - name @@ -1756,9 +1905,6 @@ spec: - output - plugins description: Configures how the Connect container image should be built. Optional. - clientRackInitImage: - type: string - description: The image of the init container used for initializing the `client.rack`. metricsConfig: type: object properties: @@ -1780,21 +1926,11 @@ spec: optional: type: boolean description: Reference to the key in the ConfigMap containing the configuration. - description: ConfigMap entry where the Prometheus JMX Exporter configuration is stored. For details of the structure of this configuration, see the {JMXExporter}. + description: "ConfigMap entry where the Prometheus JMX Exporter configuration is stored. For details of the structure of this configuration, see the {JMXExporter}." required: - type - valueFrom description: Metrics configuration. - rack: - type: object - properties: - topologyKey: - type: string - example: topology.kubernetes.io/zone - description: A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set the broker's `broker.rack` config and `client.rack` in Kafka Connect. - required: - - topologyKey - description: Configuration of the node label which will be used as the client.rack consumer configuration. required: - bootstrapServers description: The specification of the Kafka Connect cluster. @@ -1808,13 +1944,13 @@ spec: properties: type: type: string - description: The unique identifier of a condition, used to distinguish between other conditions in the resource. + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." status: type: string - description: The status of the condition, either True, False or Unknown. + description: "The status of the condition, either True, False or Unknown." lastTransitionTime: type: string - description: Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." reason: type: string description: The reason for the condition's last transition (a single word in CamelCase). diff --git a/config/crd/static/kafkas.kafka.strimzi.io.yaml b/config/crd/static/kafkas.kafka.strimzi.io.yaml index 8a2bdd541..a5c4fcf09 100644 --- a/config/crd/static/kafkas.kafka.strimzi.io.yaml +++ b/config/crd/static/kafkas.kafka.strimzi.io.yaml @@ -36,11 +36,11 @@ spec: type: integer - name: Ready description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" type: string - name: Warnings description: Warnings related to the custom resource - jsonPath: .status.conditions[?(@.type=="Warning")].status + jsonPath: ".status.conditions[?(@.type==\"Warning\")].status" type: string schema: openAPIV3Schema: @@ -54,7 +54,7 @@ spec: properties: version: type: string - description: The kafka broker version. Defaults to {DefaultKafkaVersion}. Consult the user documentation to understand the process required to upgrade or downgrade the version. + description: "The kafka broker version. Defaults to {DefaultKafkaVersion}. Consult the user documentation to understand the process required to upgrade or downgrade the version." replicas: type: integer minimum: 1 @@ -70,12 +70,12 @@ spec: properties: name: type: string - pattern: ^[a-z0-9]{1,11}$ + pattern: "^[a-z0-9]{1,11}$" description: Name of the listener. The name will be used to identify the listener and the related Kubernetes objects. The name has to be unique within given a Kafka cluster. The name can consist of lowercase characters and numbers and be up to 11 characters long. port: type: integer minimum: 9092 - description: Port number used by the listener inside Kafka. The port number has to be unique within a given Kafka cluster. Allowed port numbers are 9092 and higher with the exception of ports 9404 and 9999, which are already used for Prometheus and JMX. Depending on the listener type, the port number might not be the same as the port number that connects Kafka clients. + description: "Port number used by the listener inside Kafka. The port number has to be unique within a given Kafka cluster. Allowed port numbers are 9092 and higher with the exception of ports 9404 and 9999, which are already used for Prometheus and JMX. Depending on the listener type, the port number might not be the same as the port number that connects Kafka clients." type: type: string enum: @@ -84,7 +84,8 @@ spec: - loadbalancer - nodeport - ingress - description: "Type of the listener. Currently the supported types are `internal`, `route`, `loadbalancer`, `nodeport` and `ingress`. \n\n* `internal` type exposes Kafka internally only within the Kubernetes cluster.\n* `route` type uses OpenShift Routes to expose Kafka.\n* `loadbalancer` type uses LoadBalancer type services to expose Kafka.\n* `nodeport` type uses NodePort type services to expose Kafka.\n* `ingress` type uses Kubernetes Nginx Ingress to expose Kafka.\n" + - cluster-ip + description: "Type of the listener. Currently the supported types are `internal`, `route`, `loadbalancer`, `nodeport` and `ingress`. \n\n* `internal` type exposes Kafka internally only within the Kubernetes cluster.\n* `route` type uses OpenShift Routes to expose Kafka.\n* `loadbalancer` type uses LoadBalancer type services to expose Kafka.\n* `nodeport` type uses NodePort type services to expose Kafka.\n* `ingress` type uses Kubernetes Nginx Ingress to expose Kafka with TLS passthrough.\n* `cluster-ip` type uses a per-broker `ClusterIP` service.\n" tls: type: boolean description: Enables TLS encryption on the listener. This is a required property. @@ -99,7 +100,7 @@ spec: description: Configure whether the access token type check is performed or not. This should be set to `false` if the authorization server does not include 'typ' claim in JWT token. Defaults to `true`. checkAudience: type: boolean - description: Enable or disable audience checking. Audience checks identify the recipients of tokens. If audience checking is enabled, the OAuth Client ID also has to be configured using the `clientId` property. The Kafka broker will reject tokens that do not have its `clientId` in their `aud` (audience) claim.Default value is `false`. + description: "Enable or disable audience checking. Audience checks identify the recipients of tokens. If audience checking is enabled, the OAuth Client ID also has to be configured using the `clientId` property. The Kafka broker will reject tokens that do not have its `clientId` in their `aud` (audience) claim.Default value is `false`." checkIssuer: type: boolean description: Enable or disable issuer checking. By default issuer is checked using the value configured by `validIssuerUri`. Default value is `true`. @@ -125,6 +126,9 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the OAuth client secret which the Kafka broker can use to authenticate against the authorization server and use the introspect endpoint URI. + connectTimeoutSeconds: + type: integer + description: "The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds." customClaimCheck: type: string description: JsonPath filter query to be applied to the JWT token or to the response of the introspection endpoint for additional token validation. Not set by default. @@ -134,39 +138,85 @@ spec: enableECDSA: type: boolean description: Enable or disable ECDSA support by installing BouncyCastle crypto provider. ECDSA support is always enabled. The BouncyCastle libraries are no longer packaged with Strimzi. Value is ignored. + enableMetrics: + type: boolean + description: Enable or disable OAuth metrics. Default value is `false`. enableOauthBearer: type: boolean description: Enable or disable OAuth authentication over SASL_OAUTHBEARER. Default value is `true`. enablePlain: type: boolean description: Enable or disable OAuth authentication over SASL_PLAIN. There is no re-authentication support when this mechanism is used. Default value is `false`. + failFast: + type: boolean + description: Enable or disable termination of Kafka broker processes due to potentially recoverable runtime errors during startup. Default value is `true`. fallbackUserNameClaim: type: string description: The fallback username claim to be used for the user id if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client id being provided in another claim. It only takes effect if `userNameClaim` is set. fallbackUserNamePrefix: type: string - description: The prefix to use with the value of `fallbackUserNameClaim` to construct the user id. This only takes effect if `fallbackUserNameClaim` is true, and the value is present for the claim. Mapping usernames and client ids into the same user id space is useful in preventing name collisions. + description: "The prefix to use with the value of `fallbackUserNameClaim` to construct the user id. This only takes effect if `fallbackUserNameClaim` is true, and the value is present for the claim. Mapping usernames and client ids into the same user id space is useful in preventing name collisions." + groupsClaim: + type: string + description: JsonPath query used to extract groups for the user during authentication. Extracted groups can be used by a custom authorizer. By default no groups are extracted. + groupsClaimDelimiter: + type: string + description: "A delimiter used to parse groups when they are extracted as a single String value rather than a JSON array. Default value is ',' (comma)." + httpRetries: + type: integer + description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries." + httpRetryPauseMs: + type: integer + description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request." introspectionEndpointUri: type: string description: URI of the token introspection endpoint which can be used to validate opaque non-JWT tokens. jwksEndpointUri: type: string - description: URI of the JWKS certificate endpoint, which can be used for local JWT validation. + description: "URI of the JWKS certificate endpoint, which can be used for local JWT validation." jwksExpirySeconds: type: integer minimum: 1 description: Configures how often are the JWKS certificates considered valid. The expiry interval has to be at least 60 seconds longer then the refresh interval specified in `jwksRefreshSeconds`. Defaults to 360 seconds. + jwksIgnoreKeyUse: + type: boolean + description: Flag to ignore the 'use' attribute of `key` declarations in a JWKS endpoint response. Default value is `false`. jwksMinRefreshPauseSeconds: type: integer minimum: 0 - description: The minimum pause between two consecutive refreshes. When an unknown signing key is encountered the refresh is scheduled immediately, but will always wait for this minimum pause. Defaults to 1 second. + description: "The minimum pause between two consecutive refreshes. When an unknown signing key is encountered the refresh is scheduled immediately, but will always wait for this minimum pause. Defaults to 1 second." jwksRefreshSeconds: type: integer minimum: 1 description: Configures how often are the JWKS certificates refreshed. The refresh interval has to be at least 60 seconds shorter then the expiry interval specified in `jwksExpirySeconds`. Defaults to 300 seconds. + listenerConfig: + x-kubernetes-preserve-unknown-fields: true + type: object + description: Configuration to be used for a specific listener. All values are prefixed with listener.name.__. maxSecondsWithoutReauthentication: type: integer - description: Maximum number of seconds the authenticated session remains valid without re-authentication. This enables Apache Kafka re-authentication feature, and causes sessions to expire when the access token expires. If the access token expires before max time or if max time is reached, the client has to re-authenticate, otherwise the server will drop the connection. Not set by default - the authenticated session does not expire when the access token expires. This option only applies to SASL_OAUTHBEARER authentication mechanism (when `enableOauthBearer` is `true`). + description: "Maximum number of seconds the authenticated session remains valid without re-authentication. This enables Apache Kafka re-authentication feature, and causes sessions to expire when the access token expires. If the access token expires before max time or if max time is reached, the client has to re-authenticate, otherwise the server will drop the connection. Not set by default - the authenticated session does not expire when the access token expires. This option only applies to SASL_OAUTHBEARER authentication mechanism (when `enableOauthBearer` is `true`)." + readTimeoutSeconds: + type: integer + description: "The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds." + sasl: + type: boolean + description: Enable or disable SASL on this listener. + secrets: + type: array + items: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Secrets to be mounted to /opt/kafka/custom-authn-secrets/custom-listener-_-_/__. tlsTrustedCertificates: type: array items: @@ -184,26 +234,27 @@ spec: description: Trusted certificates for TLS connection to the OAuth server. tokenEndpointUri: type: string - description: 'URI of the Token Endpoint to use with SASL_PLAIN mechanism when the client authenticates with clientId and a secret. ' + description: "URI of the Token Endpoint to use with SASL_PLAIN mechanism when the client authenticates with `clientId` and a `secret`. If set, the client can authenticate over SASL_PLAIN by either setting `username` to `clientId`, and setting `password` to client `secret`, or by setting `username` to account username, and `password` to access token prefixed with `$accessToken:`. If this option is not set, the `password` is always interpreted as an access token (without a prefix), and `username` as the account username (a so called 'no-client-credentials' mode)." type: type: string enum: - tls - scram-sha-512 - oauth - description: Authentication type. `oauth` type uses SASL OAUTHBEARER Authentication. `scram-sha-512` type uses SASL SCRAM-SHA-512 Authentication. `tls` type uses TLS Client Authentication. `tls` type is supported only on TLS listeners. + - custom + description: Authentication type. `oauth` type uses SASL OAUTHBEARER Authentication. `scram-sha-512` type uses SASL SCRAM-SHA-512 Authentication. `tls` type uses TLS Client Authentication. `tls` type is supported only on TLS listeners.`custom` type allows for any authentication type to be used. userInfoEndpointUri: type: string description: 'URI of the User Info Endpoint to use as a fallback to obtaining the user id when the Introspection Endpoint does not return information that can be used for the user id. ' userNameClaim: type: string - description: Name of the claim from the JWT authentication token, Introspection Endpoint response or User Info Endpoint response which will be used to extract the user id. Defaults to `sub`. + description: "Name of the claim from the JWT authentication token, Introspection Endpoint response or User Info Endpoint response which will be used to extract the user id. Defaults to `sub`." validIssuerUri: type: string description: URI of the token issuer used for authentication. validTokenType: type: string - description: Valid value for the `token_type` attribute returned by the Introspection Endpoint. No default value, and not checked by default. + description: "Valid value for the `token_type` attribute returned by the Introspection Endpoint. No default value, and not checked by default." required: - type description: Authentication configuration for this listener. @@ -232,12 +283,12 @@ spec: enum: - Local - Cluster - description: Specifies whether the service routes external traffic to node-local or cluster-wide endpoints. `Cluster` may cause a second hop to another node and obscures the client source IP. `Local` avoids a second hop for LoadBalancer and Nodeport type services and preserves the client source IP (when supported by the infrastructure). If unspecified, Kubernetes will use `Cluster` as the default.This field can be used only with `loadbalancer` or `nodeport` type listener. + description: "Specifies whether the service routes external traffic to node-local or cluster-wide endpoints. `Cluster` may cause a second hop to another node and obscures the client source IP. `Local` avoids a second hop for LoadBalancer and Nodeport type services and preserves the client source IP (when supported by the infrastructure). If unspecified, Kubernetes will use `Cluster` as the default.This field can be used only with `loadbalancer` or `nodeport` type listener." loadBalancerSourceRanges: type: array items: type: string - description: A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to load balancer type listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. For more information, see https://v1-17.docs.kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/. This field can be used only with `loadbalancer` type listener. + description: "A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to load balancer type listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. This field can be used only with `loadbalancer` type listener." bootstrap: type: object properties: @@ -258,11 +309,11 @@ spec: annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations that will be added to the `Ingress`, `Route`, or `Service` resource. You can use this field to configure DNS providers such as External DNS. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners. + description: "Annotations that will be added to the `Ingress`, `Route`, or `Service` resource. You can use this field to configure DNS providers such as External DNS. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels that will be added to the `Ingress`, `Route`, or `Service` resource. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners. + description: "Labels that will be added to the `Ingress`, `Route`, or `Service` resource. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." description: Bootstrap configuration. brokers: type: array @@ -290,11 +341,11 @@ spec: annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations that will be added to the `Ingress` or `Service` resource. You can use this field to configure DNS providers such as External DNS. This field can be used only with `loadbalancer`, `nodeport`, or `ingress` type listeners. + description: "Annotations that will be added to the `Ingress` or `Service` resource. You can use this field to configure DNS providers such as External DNS. This field can be used only with `loadbalancer`, `nodeport`, or `ingress` type listeners." labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels that will be added to the `Ingress`, `Route`, or `Service` resource. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners. + description: "Labels that will be added to the `Ingress`, `Route`, or `Service` resource. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." required: - broker description: Per-broker configurations. @@ -304,7 +355,7 @@ spec: - SingleStack - PreferDualStack - RequireDualStack - description: Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer." ipFamilies: type: array items: @@ -312,18 +363,21 @@ spec: enum: - IPv4 - IPv6 - description: Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer." + createBootstrapService: + type: boolean + description: Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadBalancer` type listener. class: type: string - description: Configures the `Ingress` class that defines which `Ingress` controller will be used. This field can be used only with `ingress` type listener. If not specified, the default Ingress controller will be used. + description: "Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller will be used. This field can only be used with `ingress` and `loadbalancer` type listeners. If not specified, the default controller is used. For an `ingress` listener, set the `ingressClassName` property in the `Ingress` resources. For a `loadbalancer` listener, set the `loadBalancerClass` property in the `Service` resources." finalizers: type: array items: type: string - description: A list of finalizers which will be configured for the `LoadBalancer` type Services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. This field can be used only with `loadbalancer` type listeners. + description: "A list of finalizers which will be configured for the `LoadBalancer` type Services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. This field can be used only with `loadbalancer` type listeners." maxConnectionCreationRate: type: integer - description: The maximum connection creation rate we allow in this listener at any time. New connections will be throttled if the limit is reached.Supported only on Kafka 2.7.0 and newer. + description: The maximum connection creation rate we allow in this listener at any time. New connections will be throttled if the limit is reached. maxConnections: type: integer description: The maximum number of connections we allow for this listener in the broker at any time. New connections are blocked if the limit is reached. @@ -337,6 +391,7 @@ spec: - Hostname description: |- Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses will be used in the following order (the first one found will be used): + * `ExternalDNS` * `ExternalIP` * `InternalDNS` @@ -346,7 +401,7 @@ spec: This field is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order. This field can only be used with `nodeport` type listener. useServiceDnsDomain: type: boolean - description: Configures whether the Kubernetes service DNS domain should be used or not. If set to `true`, the generated addresses will contain the service DNS domain suffix (by default `.cluster.local`, can be configured using environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`). Defaults to `false`.This field can be used only with `internal` type listener. + description: "Configures whether the Kubernetes service DNS domain should be used or not. If set to `true`, the generated addresses will contain the service DNS domain suffix (by default `.cluster.local`, can be configured using environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`). Defaults to `false`.This field can be used only with `internal` and `cluster-ip` type listeners." description: Additional listener configuration. networkPolicyPeers: type: array @@ -400,16 +455,17 @@ spec: matchLabels: x-kubernetes-preserve-unknown-fields: true type: object - description: List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. + description: "List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list." required: - name - port - type - tls + description: Configures listeners of Kafka brokers. config: x-kubernetes-preserve-unknown-fields: true type: object - description: 'Kafka broker config properties with the following prefixes cannot be set: listeners, advertised., broker., listener., host.name, port, inter.broker.listener.name, sasl., ssl., security., password., principal.builder.class, log.dir, zookeeper.connect, zookeeper.set.acl, zookeeper.ssl, zookeeper.clientCnxnSocket, authorizer., super.user, cruise.control.metrics.topic, cruise.control.metrics.reporter.bootstrap.servers (with the exception of: zookeeper.connection.timeout.ms, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols,cruise.control.metrics.topic.num.partitions, cruise.control.metrics.topic.replication.factor, cruise.control.metrics.topic.retention.ms,cruise.control.metrics.topic.auto.create.retries, cruise.control.metrics.topic.auto.create.timeout.ms,cruise.control.metrics.topic.min.insync.replicas).' + description: "Kafka broker config properties with the following prefixes cannot be set: listeners, advertised., broker., listener., host.name, port, inter.broker.listener.name, sasl., ssl., security., password., log.dir, zookeeper.connect, zookeeper.set.acl, zookeeper.ssl, zookeeper.clientCnxnSocket, authorizer., super.user, cruise.control.metrics.topic, cruise.control.metrics.reporter.bootstrap.servers,node.id, process.roles, controller. (with the exception of: zookeeper.connection.timeout.ms, sasl.server.max.receive.size,ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, ssl.secure.random.implementation,cruise.control.metrics.topic.num.partitions, cruise.control.metrics.topic.replication.factor, cruise.control.metrics.topic.retention.ms,cruise.control.metrics.topic.auto.create.retries, cruise.control.metrics.topic.auto.create.timeout.ms,cruise.control.metrics.topic.min.insync.replicas,controller.quorum.election.backoff.max.ms, controller.quorum.election.timeout.ms, controller.quorum.fetch.timeout.ms)." storage: type: object properties: @@ -441,18 +497,18 @@ spec: description: Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. size: type: string - description: When type=persistent-claim, defines the size of the persistent volume claim (i.e 1Gi). Mandatory when type=persistent-claim. + description: "When type=persistent-claim, defines the size of the persistent volume claim (i.e 1Gi). Mandatory when type=persistent-claim." sizeLimit: type: string - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - description: When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi). + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi)." type: type: string enum: - ephemeral - persistent-claim - jbod - description: Storage type, must be either 'ephemeral', 'persistent-claim', or 'jbod'. + description: "Storage type, must be either 'ephemeral', 'persistent-claim', or 'jbod'." volumes: type: array items: @@ -486,17 +542,17 @@ spec: description: Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. size: type: string - description: When type=persistent-claim, defines the size of the persistent volume claim (i.e 1Gi). Mandatory when type=persistent-claim. + description: "When type=persistent-claim, defines the size of the persistent volume claim (i.e 1Gi). Mandatory when type=persistent-claim." sizeLimit: type: string - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - description: When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi). + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi)." type: type: string enum: - ephemeral - persistent-claim - description: Storage type, must be either 'ephemeral' or 'persistent-claim'. + description: "Storage type, must be either 'ephemeral' or 'persistent-claim'." required: - type description: List of volumes as Storage objects representing the JBOD disks array. @@ -508,19 +564,26 @@ spec: properties: allowOnError: type: boolean - description: Defines whether a Kafka client should be allowed or denied by default when the authorizer fails to query the Open Policy Agent, for example, when it is temporarily unavailable). Defaults to `false` - all actions will be denied. + description: "Defines whether a Kafka client should be allowed or denied by default when the authorizer fails to query the Open Policy Agent, for example, when it is temporarily unavailable). Defaults to `false` - all actions will be denied." authorizerClass: type: string - description: Authorization implementation class, which must be available in classpath. + description: "Authorization implementation class, which must be available in classpath." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. + connectTimeoutSeconds: + type: integer + minimum: 1 + description: "The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds." delegateToKafkaAcls: type: boolean description: Whether authorization decision should be delegated to the 'Simple' authorizer if DENIED by Keycloak Authorization Services policies. Default value is `false`. disableTlsHostnameVerification: type: boolean description: Enable or disable TLS hostname verification. Default value is `false`. + enableMetrics: + type: boolean + description: Enable or disable OAuth metrics. Default value is `false`. expireAfterMs: type: integer description: The expiration of the records kept in the local cache to avoid querying the Open Policy Agent for every request. Defines how often the cached authorization decisions are reloaded from the Open Policy Agent server. In milliseconds. Defaults to `3600000`. @@ -531,18 +594,29 @@ spec: grantsRefreshPoolSize: type: integer minimum: 1 - description: The number of threads to use to refresh grants for active sessions. The more threads, the more parallelism, so the sooner the job completes. However, using more threads places a heavier load on the authorization server. The default value is 5. + description: "The number of threads to use to refresh grants for active sessions. The more threads, the more parallelism, so the sooner the job completes. However, using more threads places a heavier load on the authorization server. The default value is 5." + httpRetries: + type: integer + minimum: 0 + description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries." initialCacheCapacity: type: integer description: Initial capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request Defaults to `5000`. maximumCacheSize: type: integer description: Maximum capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request. Defaults to `50000`. + readTimeoutSeconds: + type: integer + minimum: 1 + description: "The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds." superUsers: type: array items: type: string - description: List of super users, which are user principals with unlimited access rights. + description: "List of super users, which are user principals with unlimited access rights." + supportsAdminApi: + type: boolean + description: Indicates whether the custom authorizer supports the APIs for managing ACLs using the Kafka Admin API. Defaults to `false`. tlsTrustedCertificates: type: array items: @@ -568,7 +642,7 @@ spec: - opa - keycloak - custom - description: Authorization type. Currently, the supported types are `simple`, `keycloak`, `opa` and `custom`. `simple` authorization type uses Kafka's `kafka.security.authorizer.AclAuthorizer` class for authorization. `keycloak` authorization type uses Keycloak Authorization Services for authorization. `opa` authorization type uses Open Policy Agent based authorization.`custom` authorization type uses user-provided implementation for authorization. + description: "Authorization type. Currently, the supported types are `simple`, `keycloak`, `opa` and `custom`. `simple` authorization type uses Kafka's `kafka.security.authorizer.AclAuthorizer` class for authorization. `keycloak` authorization type uses Keycloak Authorization Services for authorization. `opa` authorization type uses Open Policy Agent based authorization.`custom` authorization type uses user-provided implementation for authorization." url: type: string example: http://opa:8181/v1/data/kafka/authz/allow @@ -582,7 +656,7 @@ spec: topologyKey: type: string example: topology.kubernetes.io/zone - description: A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set the broker's `broker.rack` config and `client.rack` in Kafka Connect. + description: "A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2.0." required: - topologyKey description: Configuration of the `broker.rack` broker config. @@ -646,11 +720,11 @@ spec: description: A map of -XX options to the JVM. "-Xms": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xms option to to the JVM. "-Xmx": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xmx option to to the JVM. gcLoggingEnabled: type: boolean @@ -714,7 +788,7 @@ spec: optional: type: boolean description: Reference to the key in the ConfigMap containing the configuration. - description: ConfigMap entry where the Prometheus JMX Exporter configuration is stored. For details of the structure of this configuration, see the {JMXExporter}. + description: "ConfigMap entry where the Prometheus JMX Exporter configuration is stored. For details of the structure of this configuration, see the {JMXExporter}." required: - type - valueFrom @@ -731,7 +805,7 @@ spec: enum: - inline - external - description: Logging type, must be either 'inline' or 'external'. + description: "Logging type, must be either 'inline' or 'external'." valueFrom: type: object properties: @@ -761,11 +835,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. podManagementPolicy: type: string @@ -783,11 +857,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. imagePullSecrets: type: array @@ -796,7 +870,7 @@ spec: properties: name: type: string - description: List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." securityContext: type: object properties: @@ -848,13 +922,15 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 - description: The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." affinity: type: object properties: @@ -1162,10 +1238,10 @@ spec: description: The pod's tolerations. priorityClassName: type: string - description: The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}. + description: "The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}." schedulerName: type: string - description: The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." hostAliases: type: array items: @@ -1178,6 +1254,10 @@ spec: ip: type: string description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. enableServiceLinks: type: boolean description: Indicates whether information about services should be injected into Pod's environment variables. @@ -1205,8 +1285,18 @@ spec: matchLabels: x-kubernetes-preserve-unknown-fields: true type: object + matchLabelKeys: + type: array + items: + type: string maxSkew: type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -1222,11 +1312,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -1234,7 +1324,7 @@ spec: - SingleStack - PreferDualStack - RequireDualStack - description: Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer." ipFamilies: type: array items: @@ -1242,7 +1332,7 @@ spec: enum: - IPv4 - IPv6 - description: Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer." description: Template for Kafka bootstrap `Service`. brokersService: type: object @@ -1253,11 +1343,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -1265,7 +1355,7 @@ spec: - SingleStack - PreferDualStack - RequireDualStack - description: Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer." ipFamilies: type: array items: @@ -1273,7 +1363,7 @@ spec: enum: - IPv4 - IPv6 - description: Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer." description: Template for Kafka broker `Service`. externalBootstrapService: type: object @@ -1284,11 +1374,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for Kafka external bootstrap `Service`. perPodService: @@ -1300,11 +1390,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for Kafka per-pod `Services` used for access from outside of Kubernetes. externalBootstrapRoute: @@ -1316,11 +1406,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for Kafka external bootstrap `Route`. perPodRoute: @@ -1332,11 +1422,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for Kafka per-pod `Routes` used for access from outside of OpenShift. externalBootstrapIngress: @@ -1348,11 +1438,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for Kafka external bootstrap `Ingress`. perPodIngress: @@ -1364,11 +1454,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for Kafka per-pod `Ingress` used for access from outside of Kubernetes. persistentVolumeClaim: @@ -1380,11 +1470,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for all Kafka `PersistentVolumeClaims`. podDisruptionBudget: @@ -1396,16 +1486,16 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. - description: Metadata to apply to the `PodDistruptionBugetTemplate` resource. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 - description: Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. + description: "Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1." description: Template for Kafka `PodDisruptionBudget`. kafkaContainer: type: object @@ -1475,6 +1565,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -1547,6 +1639,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -1560,11 +1654,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for Secret with Kafka Cluster certificate public key. serviceAccount: @@ -1576,13 +1670,29 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for the Kafka service account. + jmxSecret: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + description: Template for Secret of the Kafka Cluster JMX authentication. clusterRoleBinding: type: object properties: @@ -1592,14 +1702,30 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for the Kafka ClusterRoleBinding. - description: Template for Kafka cluster resources. The template allows users to specify how are the `StatefulSet`, `Pods` and `Services` generated. + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + description: Template for Kafka `StrimziPodSet` resource. + description: "Template for Kafka cluster resources. The template allows users to specify how the `StatefulSet`, `Pods`, and `Services` are generated." required: - replicas - listeners @@ -1646,24 +1772,24 @@ spec: description: Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. size: type: string - description: When type=persistent-claim, defines the size of the persistent volume claim (i.e 1Gi). Mandatory when type=persistent-claim. + description: "When type=persistent-claim, defines the size of the persistent volume claim (i.e 1Gi). Mandatory when type=persistent-claim." sizeLimit: type: string - pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ - description: When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi). + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: "When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi)." type: type: string enum: - ephemeral - persistent-claim - description: Storage type, must be either 'ephemeral' or 'persistent-claim'. + description: "Storage type, must be either 'ephemeral' or 'persistent-claim'." required: - type description: Storage configuration (disk). Cannot be updated. config: x-kubernetes-preserve-unknown-fields: true type: object - description: 'The ZooKeeper broker config. Properties with the following prefixes cannot be set: server., dataDir, dataLogDir, clientPort, authProvider, quorum.auth, requireClientAuthScheme, snapshot.trust.empty, standaloneEnabled, reconfigEnabled, 4lw.commands.whitelist, secureClientPort, ssl., serverCnxnFactory, sslQuorum (with the exception of: ssl.protocol, ssl.quorum.protocol, ssl.enabledProtocols, ssl.quorum.enabledProtocols, ssl.ciphersuites, ssl.quorum.ciphersuites, ssl.hostnameVerification, ssl.quorum.hostnameVerification).' + description: "The ZooKeeper broker config. Properties with the following prefixes cannot be set: server., dataDir, dataLogDir, clientPort, authProvider, quorum.auth, requireClientAuthScheme, snapshot.trust.empty, standaloneEnabled, reconfigEnabled, 4lw.commands.whitelist, secureClientPort, ssl., serverCnxnFactory, sslQuorum (with the exception of: ssl.protocol, ssl.quorum.protocol, ssl.enabledProtocols, ssl.quorum.enabledProtocols, ssl.ciphersuites, ssl.quorum.ciphersuites, ssl.hostnameVerification, ssl.quorum.hostnameVerification)." livenessProbe: type: object properties: @@ -1721,11 +1847,11 @@ spec: description: A map of -XX options to the JVM. "-Xms": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xms option to to the JVM. "-Xmx": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xmx option to to the JVM. gcLoggingEnabled: type: boolean @@ -1743,6 +1869,21 @@ spec: description: The system property value. description: A map of additional system properties which will be passed using the `-D` option to the JVM. description: JVM Options for pods. + jmxOptions: + type: object + properties: + authentication: + type: object + properties: + type: + type: string + enum: + - password + description: Authentication type. Currently the only supported types are `password`.`password` type creates a username and protected port with no TLS. + required: + - type + description: Authentication configuration for connecting to the JMX port. + description: JMX Options for Zookeeper nodes. resources: type: object properties: @@ -1774,7 +1915,7 @@ spec: optional: type: boolean description: Reference to the key in the ConfigMap containing the configuration. - description: ConfigMap entry where the Prometheus JMX Exporter configuration is stored. For details of the structure of this configuration, see the {JMXExporter}. + description: "ConfigMap entry where the Prometheus JMX Exporter configuration is stored. For details of the structure of this configuration, see the {JMXExporter}." required: - type - valueFrom @@ -1791,7 +1932,7 @@ spec: enum: - inline - external - description: Logging type, must be either 'inline' or 'external'. + description: "Logging type, must be either 'inline' or 'external'." valueFrom: type: object properties: @@ -1821,11 +1962,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. podManagementPolicy: type: string @@ -1843,11 +1984,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. imagePullSecrets: type: array @@ -1856,7 +1997,7 @@ spec: properties: name: type: string - description: List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." securityContext: type: object properties: @@ -1908,13 +2049,15 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 - description: The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." affinity: type: object properties: @@ -2222,10 +2365,10 @@ spec: description: The pod's tolerations. priorityClassName: type: string - description: The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}. + description: "The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}." schedulerName: type: string - description: The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." hostAliases: type: array items: @@ -2238,6 +2381,10 @@ spec: ip: type: string description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. enableServiceLinks: type: boolean description: Indicates whether information about services should be injected into Pod's environment variables. @@ -2265,8 +2412,18 @@ spec: matchLabels: x-kubernetes-preserve-unknown-fields: true type: object + matchLabelKeys: + type: array + items: + type: string maxSkew: type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2282,11 +2439,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -2294,7 +2451,7 @@ spec: - SingleStack - PreferDualStack - RequireDualStack - description: Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer." ipFamilies: type: array items: @@ -2302,7 +2459,7 @@ spec: enum: - IPv4 - IPv6 - description: Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer." description: Template for ZooKeeper client `Service`. nodesService: type: object @@ -2313,11 +2470,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -2325,7 +2482,7 @@ spec: - SingleStack - PreferDualStack - RequireDualStack - description: Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer." ipFamilies: type: array items: @@ -2333,7 +2490,7 @@ spec: enum: - IPv4 - IPv6 - description: Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer." description: Template for ZooKeeper nodes `Service`. persistentVolumeClaim: type: object @@ -2344,11 +2501,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for all ZooKeeper `PersistentVolumeClaims`. podDisruptionBudget: @@ -2360,16 +2517,16 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. - description: Metadata to apply to the `PodDistruptionBugetTemplate` resource. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 - description: Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. + description: "Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1." description: Template for ZooKeeper `PodDisruptionBudget`. zookeeperContainer: type: object @@ -2439,6 +2596,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -2452,14 +2611,46 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for the ZooKeeper service account. - description: Template for ZooKeeper cluster resources. The template allows users to specify how are the `StatefulSet`, `Pods` and `Services` generated. + jmxSecret: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + description: Template for Secret of the Zookeeper Cluster JMX authentication. + podSet: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + description: Template for ZooKeeper `StrimziPodSet` resource. + description: "Template for ZooKeeper cluster resources. The template allows users to specify how the `StatefulSet`, `Pods`, and `Services` are generated." required: - replicas - storage @@ -2582,7 +2773,7 @@ spec: enum: - inline - external - description: Logging type, must be either 'inline' or 'external'. + description: "Logging type, must be either 'inline' or 'external'." valueFrom: type: object properties: @@ -2609,11 +2800,11 @@ spec: description: A map of -XX options to the JVM. "-Xms": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xms option to to the JVM. "-Xmx": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xmx option to to the JVM. gcLoggingEnabled: type: boolean @@ -2722,7 +2913,7 @@ spec: enum: - inline - external - description: Logging type, must be either 'inline' or 'external'. + description: "Logging type, must be either 'inline' or 'external'." valueFrom: type: object properties: @@ -2749,11 +2940,11 @@ spec: description: A map of -XX options to the JVM. "-Xms": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xms option to to the JVM. "-Xmx": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xmx option to to the JVM. gcLoggingEnabled: type: boolean @@ -2861,12 +3052,18 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. description: Template for Entity Operator `Deployment`. pod: type: object @@ -2877,11 +3074,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. imagePullSecrets: type: array @@ -2890,7 +3087,7 @@ spec: properties: name: type: string - description: List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." securityContext: type: object properties: @@ -2942,13 +3139,15 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 - description: The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." affinity: type: object properties: @@ -3256,10 +3455,10 @@ spec: description: The pod's tolerations. priorityClassName: type: string - description: The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}. + description: "The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}." schedulerName: type: string - description: The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." hostAliases: type: array items: @@ -3272,6 +3471,10 @@ spec: ip: type: string description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. enableServiceLinks: type: boolean description: Indicates whether information about services should be injected into Pod's environment variables. @@ -3299,8 +3502,18 @@ spec: matchLabels: x-kubernetes-preserve-unknown-fields: true type: object + matchLabelKeys: + type: array + items: + type: string maxSkew: type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -3375,6 +3588,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -3447,6 +3662,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -3519,6 +3736,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -3532,14 +3751,62 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for the Entity Operator service account. - description: Template for Entity Operator resources. The template allows users to specify how is the `Deployment` and `Pods` generated. + entityOperatorRole: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + description: Template for the Entity Operator Role. + topicOperatorRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + description: Template for the Entity Topic Operator RoleBinding. + userOperatorRoleBinding: + type: object + properties: + metadata: + type: object + properties: + labels: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + annotations: + x-kubernetes-preserve-unknown-fields: true + type: object + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata applied to the resource. + description: Template for the Entity Topic Operator RoleBinding. + description: Template for Entity Operator resources. The template allows users to specify how a `Deployment` and `Pod` is generated. description: Configuration of the Entity Operator. clusterCa: type: object @@ -3549,7 +3816,7 @@ spec: description: If true then Certificate Authority certificates will be generated automatically. Otherwise the user will need to provide a Secret with the CA certificate. Default is true. generateSecretOwnerReference: type: boolean - description: If `true`, the Cluster and Client CA Secrets are configured with the `ownerReference` set to the `Kafka` resource. If the `Kafka` resource is deleted when `true`, the CA Secrets are also deleted. If `false`, the `ownerReference` is disabled. If the `Kafka` resource is deleted when `false`, the CA Secrets are retained and available for reuse. Default is `true`. + description: "If `true`, the Cluster and Client CA Secrets are configured with the `ownerReference` set to the `Kafka` resource. If the `Kafka` resource is deleted when `true`, the CA Secrets are also deleted. If `false`, the `ownerReference` is disabled. If the `Kafka` resource is deleted when `false`, the CA Secrets are retained and available for reuse. Default is `true`." validityDays: type: integer minimum: 1 @@ -3557,7 +3824,7 @@ spec: renewalDays: type: integer minimum: 1 - description: The number of days in the certificate renewal period. This is the number of days before the a certificate expires during which renewal actions may be performed. When `generateCertificateAuthority` is true, this will cause the generation of a new certificate. When `generateCertificateAuthority` is true, this will cause extra logging at WARN level about the pending certificate expiry. Default is 30. + description: "The number of days in the certificate renewal period. This is the number of days before the a certificate expires during which renewal actions may be performed. When `generateCertificateAuthority` is true, this will cause the generation of a new certificate. When `generateCertificateAuthority` is true, this will cause extra logging at WARN level about the pending certificate expiry. Default is 30." certificateExpirationPolicy: type: string enum: @@ -3573,7 +3840,7 @@ spec: description: If true then Certificate Authority certificates will be generated automatically. Otherwise the user will need to provide a Secret with the CA certificate. Default is true. generateSecretOwnerReference: type: boolean - description: If `true`, the Cluster and Client CA Secrets are configured with the `ownerReference` set to the `Kafka` resource. If the `Kafka` resource is deleted when `true`, the CA Secrets are also deleted. If `false`, the `ownerReference` is disabled. If the `Kafka` resource is deleted when `false`, the CA Secrets are retained and available for reuse. Default is `true`. + description: "If `true`, the Cluster and Client CA Secrets are configured with the `ownerReference` set to the `Kafka` resource. If the `Kafka` resource is deleted when `true`, the CA Secrets are also deleted. If `false`, the `ownerReference` is disabled. If the `Kafka` resource is deleted when `false`, the CA Secrets are retained and available for reuse. Default is `true`." validityDays: type: integer minimum: 1 @@ -3581,7 +3848,7 @@ spec: renewalDays: type: integer minimum: 1 - description: The number of days in the certificate renewal period. This is the number of days before the a certificate expires during which renewal actions may be performed. When `generateCertificateAuthority` is true, this will cause the generation of a new certificate. When `generateCertificateAuthority` is true, this will cause extra logging at WARN level about the pending certificate expiry. Default is 30. + description: "The number of days in the certificate renewal period. This is the number of days before the a certificate expires during which renewal actions may be performed. When `generateCertificateAuthority` is true, this will cause the generation of a new certificate. When `generateCertificateAuthority` is true, this will cause extra logging at WARN level about the pending certificate expiry. Default is 30." certificateExpirationPolicy: type: string enum: @@ -3739,11 +4006,11 @@ spec: description: A map of -XX options to the JVM. "-Xms": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xms option to to the JVM. "-Xmx": type: string - pattern: '[0-9]+[mMgG]?' + pattern: "^[0-9]+[mMgG]?$" description: -Xmx option to to the JVM. gcLoggingEnabled: type: boolean @@ -3773,7 +4040,7 @@ spec: enum: - inline - external - description: Logging type, must be either 'inline' or 'external'. + description: "Logging type, must be either 'inline' or 'external'." valueFrom: type: object properties: @@ -3803,12 +4070,18 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. description: Template for Cruise Control `Deployment`. pod: type: object @@ -3819,11 +4092,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. imagePullSecrets: type: array @@ -3832,7 +4105,7 @@ spec: properties: name: type: string - description: List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." securityContext: type: object properties: @@ -3884,13 +4157,15 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 - description: The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." affinity: type: object properties: @@ -4198,10 +4473,10 @@ spec: description: The pod's tolerations. priorityClassName: type: string - description: The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}. + description: "The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}." schedulerName: type: string - description: The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." hostAliases: type: array items: @@ -4214,6 +4489,10 @@ spec: ip: type: string description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. enableServiceLinks: type: boolean description: Indicates whether information about services should be injected into Pod's environment variables. @@ -4241,8 +4520,18 @@ spec: matchLabels: x-kubernetes-preserve-unknown-fields: true type: object + matchLabelKeys: + type: array + items: + type: string maxSkew: type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -4258,11 +4547,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. ipFamilyPolicy: type: string @@ -4270,7 +4559,7 @@ spec: - SingleStack - PreferDualStack - RequireDualStack - description: Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer." ipFamilies: type: array items: @@ -4278,7 +4567,7 @@ spec: enum: - IPv4 - IPv6 - description: Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer. + description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer." description: Template for Cruise Control API `Service`. podDisruptionBudget: type: object @@ -4289,16 +4578,16 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. - description: Metadata to apply to the `PodDistruptionBugetTemplate` resource. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." + description: Metadata to apply to the `PodDisruptionBudgetTemplate` resource. maxUnavailable: type: integer minimum: 0 - description: Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1. + description: "Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1." description: Template for Cruise Control `PodDisruptionBudget`. cruiseControlContainer: type: object @@ -4368,6 +4657,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -4440,6 +4731,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -4453,39 +4746,68 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for the Cruise Control service account. - description: Template to specify how Cruise Control resources, `Deployments` and `Pods`, are generated. + description: "Template to specify how Cruise Control resources, `Deployments` and `Pods`, are generated." brokerCapacity: type: object properties: disk: type: string - pattern: ^[0-9]+([.][0-9]*)?([KMGTPE]i?|e[0-9]+)?$ - description: Broker capacity for disk in bytes, for example, 100Gi. + pattern: "^[0-9]+([.][0-9]*)?([KMGTPE]i?|e[0-9]+)?$" + description: "Broker capacity for disk in bytes. Use a number value with either standard Kubernetes byte units (K, M, G, or T), their bibyte (power of two) equivalents (Ki, Mi, Gi, or Ti), or a byte value with or without E notation. For example, 100000M, 100000Mi, 104857600000, or 1e+11." cpuUtilization: type: integer minimum: 0 maximum: 100 description: Broker capacity for CPU resource utilization as a percentage (0 - 100). + cpu: + type: string + pattern: "^[0-9]+([.][0-9]{0,3}|[m]?)$" + description: "Broker capacity for CPU resource in cores or millicores. For example, 1, 1.500, 1500m. For more information on valid CPU resource units see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu." inboundNetwork: type: string - pattern: '[0-9]+([KMG]i?)?B/s' - description: Broker capacity for inbound network throughput in bytes per second, for example, 10000KB/s. + pattern: "^[0-9]+([KMG]i?)?B/s$" + description: "Broker capacity for inbound network throughput in bytes per second. Use an integer value with standard Kubernetes byte units (K, M, G) or their bibyte (power of two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s." outboundNetwork: type: string - pattern: '[0-9]+([KMG]i?)?B/s' - description: Broker capacity for outbound network throughput in bytes per second, for example 10000KB/s. + pattern: "^[0-9]+([KMG]i?)?B/s$" + description: "Broker capacity for outbound network throughput in bytes per second. Use an integer value with standard Kubernetes byte units (K, M, G) or their bibyte (power of two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s." + overrides: + type: array + items: + type: object + properties: + brokers: + type: array + items: + type: integer + description: List of Kafka brokers (broker identifiers). + cpu: + type: string + pattern: "^[0-9]+([.][0-9]{0,3}|[m]?)$" + description: "Broker capacity for CPU resource in cores or millicores. For example, 1, 1.500, 1500m. For more information on valid CPU resource units see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu." + inboundNetwork: + type: string + pattern: "^[0-9]+([KMG]i?)?B/s$" + description: "Broker capacity for inbound network throughput in bytes per second. Use an integer value with standard Kubernetes byte units (K, M, G) or their bibyte (power of two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s." + outboundNetwork: + type: string + pattern: "^[0-9]+([KMG]i?)?B/s$" + description: "Broker capacity for outbound network throughput in bytes per second. Use an integer value with standard Kubernetes byte units (K, M, G) or their bibyte (power of two) equivalents (Ki, Mi, Gi) per second. For example, 10000KiB/s." + required: + - brokers + description: Overrides for individual brokers. The `overrides` property lets you specify a different capacity configuration for different brokers. description: The Cruise Control `brokerCapacity` configuration. config: x-kubernetes-preserve-unknown-fields: true type: object - description: 'The Cruise Control configuration. For a full list of configuration options refer to https://github.com/linkedin/cruise-control/wiki/Configurations. Note that properties with the following prefixes cannot be set: bootstrap.servers, client.id, zookeeper., network., security., failed.brokers.zk.path,webserver.http., webserver.api.urlprefix, webserver.session.path, webserver.accesslog., two.step., request.reason.required,metric.reporter.sampler.bootstrap.servers, metric.reporter.topic, partition.metric.sample.store.topic, broker.metric.sample.store.topic,capacity.config.file, self.healing., anomaly.detection., ssl. (with the exception of: ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, webserver.http.cors.enabled,webserver.http.cors.origin, webserver.http.cors.exposeheaders).' + description: "The Cruise Control configuration. For a full list of configuration options refer to https://github.com/linkedin/cruise-control/wiki/Configurations. Note that properties with the following prefixes cannot be set: bootstrap.servers, client.id, zookeeper., network., security., failed.brokers.zk.path,webserver.http., webserver.api.urlprefix, webserver.session.path, webserver.accesslog., two.step., request.reason.required,metric.reporter.sampler.bootstrap.servers, capacity.config.file, self.healing., ssl., kafka.broker.failure.detection.enable, topic.config.provider.class (with the exception of: ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, webserver.http.cors.enabled, webserver.http.cors.origin, webserver.http.cors.exposeheaders, webserver.security.enable, webserver.ssl.enable)." metricsConfig: type: object properties: @@ -4507,7 +4829,7 @@ spec: optional: type: boolean description: Reference to the key in the ConfigMap containing the configuration. - description: ConfigMap entry where the Prometheus JMX Exporter configuration is stored. For details of the structure of this configuration, see the {JMXExporter}. + description: "ConfigMap entry where the Prometheus JMX Exporter configuration is stored. For details of the structure of this configuration, see the {JMXExporter}." required: - type - valueFrom @@ -4526,7 +4848,7 @@ spec: properties: outputType: type: string - description: Template for setting the format of the data that will be pushed.For more information see https://github.com/jmxtrans/jmxtrans/wiki/OutputWriters[JmxTrans OutputWriters]. + description: "Template for setting the format of the data that will be pushed.For more information see https://github.com/jmxtrans/jmxtrans/wiki/OutputWriters[JmxTrans OutputWriters]." host: type: string description: The DNS/hostname of the remote host that the data is pushed to. @@ -4540,17 +4862,17 @@ spec: type: array items: type: string - description: Template for filtering data to be included in response to a wildcard query. For more information see https://github.com/jmxtrans/jmxtrans/wiki/Queries[JmxTrans queries]. + description: "Template for filtering data to be included in response to a wildcard query. For more information see https://github.com/jmxtrans/jmxtrans/wiki/Queries[JmxTrans queries]." name: type: string description: Template for setting the name of the output definition. This is used to identify where to send the results of queries should be sent. required: - outputType - name - description: Defines the output hosts that will be referenced later on. For more information on these properties see, xref:type-JmxTransOutputDefinitionTemplate-reference[`JmxTransOutputDefinitionTemplate` schema reference]. + description: "Defines the output hosts that will be referenced later on. For more information on these properties see, xref:type-JmxTransOutputDefinitionTemplate-reference[`JmxTransOutputDefinitionTemplate` schema reference]." logLevel: type: string - description: Sets the logging level of the JmxTrans deployment.For more information see, https://github.com/jmxtrans/jmxtrans-agent/wiki/Troubleshooting[JmxTrans Logging Level]. + description: "Sets the logging level of the JmxTrans deployment.For more information see, https://github.com/jmxtrans/jmxtrans-agent/wiki/Troubleshooting[JmxTrans Logging Level]." kafkaQueries: type: array items: @@ -4568,12 +4890,12 @@ spec: type: array items: type: string - description: List of the names of output definitions specified in the spec.kafka.jmxTrans.outputDefinitions that have defined where JMX metrics are pushed to, and in which data format. + description: "List of the names of output definitions specified in the spec.kafka.jmxTrans.outputDefinitions that have defined where JMX metrics are pushed to, and in which data format." required: - targetMBean - attributes - outputs - description: Queries to send to the Kafka brokers to define what data should be read from each broker. For more information on these properties see, xref:type-JmxTransQueryTemplate-reference[`JmxTransQueryTemplate` schema reference]. + description: "Queries to send to the Kafka brokers to define what data should be read from each broker. For more information on these properties see, xref:type-JmxTransQueryTemplate-reference[`JmxTransQueryTemplate` schema reference]." resources: type: object properties: @@ -4596,12 +4918,18 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. description: Template for JmxTrans `Deployment`. pod: type: object @@ -4612,11 +4940,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. imagePullSecrets: type: array @@ -4625,7 +4953,7 @@ spec: properties: name: type: string - description: List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." securityContext: type: object properties: @@ -4677,13 +5005,15 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 - description: The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." affinity: type: object properties: @@ -4991,10 +5321,10 @@ spec: description: The pod's tolerations. priorityClassName: type: string - description: The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}. + description: "The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}." schedulerName: type: string - description: The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." hostAliases: type: array items: @@ -5007,6 +5337,10 @@ spec: ip: type: string description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. enableServiceLinks: type: boolean description: Indicates whether information about services should be injected into Pod's environment variables. @@ -5034,8 +5368,18 @@ spec: matchLabels: x-kubernetes-preserve-unknown-fields: true type: object + matchLabelKeys: + type: array + items: + type: string maxSkew: type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -5110,6 +5454,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -5123,18 +5469,18 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. - description: Template for the JMX Trans service account. + description: Template for the JmxTrans service account. description: Template for JmxTrans resources. required: - outputDefinitions - kafkaQueries - description: Configuration for JmxTrans. When the property is present a JmxTrans deployment is created for gathering JMX metrics from each Kafka broker. For more information see https://github.com/jmxtrans/jmxtrans[JmxTrans GitHub]. + description: "Configuration for JmxTrans. When the property is present a JmxTrans deployment is created for gathering JMX metrics from each Kafka broker. For more information see https://github.com/jmxtrans/jmxtrans[JmxTrans GitHub]." kafkaExporter: type: object properties: @@ -5159,10 +5505,10 @@ spec: description: CPU and memory resources to reserve. logging: type: string - description: 'Only log messages with the given severity or above. Valid levels: [`debug`, `info`, `warn`, `error`, `fatal`]. Default log level is `info`.' + description: "Only log messages with the given severity or above. Valid levels: [`info`, `debug`, `trace`]. Default log level is `info`." enableSaramaLogging: type: boolean - description: Enable Sarama logging, a Go client library used by the Kafka Exporter. + description: "Enable Sarama logging, a Go client library used by the Kafka Exporter." template: type: object properties: @@ -5175,12 +5521,18 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. + deploymentStrategy: + type: string + enum: + - RollingUpdate + - Recreate + description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`. description: Template for Kafka Exporter `Deployment`. pod: type: object @@ -5191,11 +5543,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. imagePullSecrets: type: array @@ -5204,7 +5556,7 @@ spec: properties: name: type: string - description: List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored. + description: "List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored." securityContext: type: object properties: @@ -5256,13 +5608,15 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Configures pod-level security attributes and common container settings. terminationGracePeriodSeconds: type: integer minimum: 0 - description: The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds. + description: "The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds." affinity: type: object properties: @@ -5570,10 +5924,10 @@ spec: description: The pod's tolerations. priorityClassName: type: string - description: The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}. + description: "The name of the priority class used to assign priority to the pods. For more information about priority classes, see {K8sPriorityClass}." schedulerName: type: string - description: The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used. + description: "The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used." hostAliases: type: array items: @@ -5586,6 +5940,10 @@ spec: ip: type: string description: The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. + tmpDirSizeLimit: + type: string + pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. enableServiceLinks: type: boolean description: Indicates whether information about services should be injected into Pod's environment variables. @@ -5613,8 +5971,18 @@ spec: matchLabels: x-kubernetes-preserve-unknown-fields: true type: object + matchLabelKeys: + type: array + items: + type: string maxSkew: type: integer + minDomains: + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -5630,11 +5998,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for Kafka Exporter `Service`. container: @@ -5705,6 +6073,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string description: Security context for the container. @@ -5718,11 +6088,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for the Kafka Exporter service account. description: Customization of deployment templates and pods. @@ -5774,16 +6144,16 @@ spec: minimum: 1 description: The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1. description: Pod readiness check. - description: Configuration of the Kafka Exporter. Kafka Exporter can provide additional metrics, for example lag of consumer group at topic/partition. + description: "Configuration of the Kafka Exporter. Kafka Exporter can provide additional metrics, for example lag of consumer group at topic/partition." maintenanceTimeWindows: type: array items: type: string - description: A list of time windows for maintenance tasks (that is, certificates renewal). Each time window is defined by a cron expression. + description: "A list of time windows for maintenance tasks (that is, certificates renewal). Each time window is defined by a cron expression." required: - kafka - zookeeper - description: The specification of the Kafka and ZooKeeper clusters, and Topic Operator. + description: "The specification of the Kafka and ZooKeeper clusters, and Topic Operator." status: type: object properties: @@ -5794,13 +6164,13 @@ spec: properties: type: type: string - description: The unique identifier of a condition, used to distinguish between other conditions in the resource. + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." status: type: string - description: The status of the condition, either True, False or Unknown. + description: "The status of the condition, either True, False or Unknown." lastTransitionTime: type: string - description: Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." reason: type: string description: The reason for the condition's last transition (a single word in CamelCase). @@ -5818,7 +6188,10 @@ spec: properties: type: type: string - description: 'The type of the listener. Can be one of the following three types: `plain`, `tls`, and `external`.' + description: "*The `type` property has been deprecated, and should now be configured using `name`.* The name of the listener." + name: + type: string + description: The name of the listener. addresses: type: array items: @@ -5843,4 +6216,4 @@ spec: clusterId: type: string description: Kafka cluster Id. - description: The status of the Kafka and ZooKeeper clusters, and Topic Operator. + description: "The status of the Kafka and ZooKeeper clusters, and Topic Operator." diff --git a/config/crd/static/kafkatopics.kafka.strimzi.io.yaml b/config/crd/static/kafkatopics.kafka.strimzi.io.yaml index 9ca00007b..3f8e7f35e 100644 --- a/config/crd/static/kafkatopics.kafka.strimzi.io.yaml +++ b/config/crd/static/kafkatopics.kafka.strimzi.io.yaml @@ -40,7 +40,7 @@ spec: type: integer - name: Ready description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" type: string schema: openAPIV3Schema: @@ -52,7 +52,7 @@ spec: partitions: type: integer minimum: 1 - description: The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`. + description: "The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`." replicas: type: integer minimum: 1 @@ -76,13 +76,13 @@ spec: properties: type: type: string - description: The unique identifier of a condition, used to distinguish between other conditions in the resource. + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." status: type: string - description: The status of the condition, either True, False or Unknown. + description: "The status of the condition, either True, False or Unknown." lastTransitionTime: type: string - description: Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." reason: type: string description: The reason for the condition's last transition (a single word in CamelCase). @@ -117,7 +117,7 @@ spec: type: integer - name: Ready description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" type: string schema: openAPIV3Schema: @@ -129,7 +129,7 @@ spec: partitions: type: integer minimum: 1 - description: The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`. + description: "The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`." replicas: type: integer minimum: 1 @@ -153,13 +153,13 @@ spec: properties: type: type: string - description: The unique identifier of a condition, used to distinguish between other conditions in the resource. + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." status: type: string - description: The status of the condition, either True, False or Unknown. + description: "The status of the condition, either True, False or Unknown." lastTransitionTime: type: string - description: Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." reason: type: string description: The reason for the condition's last transition (a single word in CamelCase). @@ -194,7 +194,7 @@ spec: type: integer - name: Ready description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" type: string schema: openAPIV3Schema: @@ -206,7 +206,7 @@ spec: partitions: type: integer minimum: 1 - description: The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`. + description: "The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`." replicas: type: integer minimum: 1 @@ -230,13 +230,13 @@ spec: properties: type: type: string - description: The unique identifier of a condition, used to distinguish between other conditions in the resource. + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." status: type: string - description: The status of the condition, either True, False or Unknown. + description: "The status of the condition, either True, False or Unknown." lastTransitionTime: type: string - description: Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." reason: type: string description: The reason for the condition's last transition (a single word in CamelCase). diff --git a/config/crd/static/kafkausers.kafka.strimzi.io.yaml b/config/crd/static/kafkausers.kafka.strimzi.io.yaml index 89d101cb0..d235be6c6 100644 --- a/config/crd/static/kafkausers.kafka.strimzi.io.yaml +++ b/config/crd/static/kafkausers.kafka.strimzi.io.yaml @@ -40,7 +40,7 @@ spec: type: string - name: Ready description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" type: string schema: openAPIV3Schema: @@ -52,15 +52,36 @@ spec: authentication: type: object properties: + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Selects a key of a Secret in the resource's namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: "Specify the password for the user. If not set, a new password is generated by the User Operator." type: type: string enum: - tls + - tls-external - scram-sha-512 description: Authentication type. required: - type - description: Authentication mechanism enabled for this Kafka user. + description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n ACLs and quotas set for this user are configured in the `CN=` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication." authorization: type: object properties: @@ -86,7 +107,24 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: 'Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All.' + description: "Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + operations: + type: array + items: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." resource: type: object properties: @@ -98,7 +136,7 @@ spec: enum: - literal - prefix - description: Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`. + description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`." type: type: string enum: @@ -106,7 +144,7 @@ spec: - group - cluster - transactionalId - description: Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`. + description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`." required: - type description: Indicates the resource for which given ACL rule applies. @@ -117,7 +155,6 @@ spec: - deny description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`. required: - - operation - resource description: List of ACL rules which should be applied to this user. type: @@ -139,7 +176,7 @@ spec: controllerMutationRate: type: number minimum: 0 - description: A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted. + description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted." producerByteRate: type: integer minimum: 0 @@ -161,11 +198,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. description: Template to specify how Kafka User `Secrets` are generated. @@ -180,13 +217,13 @@ spec: properties: type: type: string - description: The unique identifier of a condition, used to distinguish between other conditions in the resource. + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." status: type: string - description: The status of the condition, either True, False or Unknown. + description: "The status of the condition, either True, False or Unknown." lastTransitionTime: type: string - description: Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." reason: type: string description: The reason for the condition's last transition (a single word in CamelCase). @@ -224,7 +261,7 @@ spec: type: string - name: Ready description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" type: string schema: openAPIV3Schema: @@ -236,15 +273,36 @@ spec: authentication: type: object properties: + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Selects a key of a Secret in the resource's namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: "Specify the password for the user. If not set, a new password is generated by the User Operator." type: type: string enum: - tls + - tls-external - scram-sha-512 description: Authentication type. required: - type - description: Authentication mechanism enabled for this Kafka user. + description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n ACLs and quotas set for this user are configured in the `CN=` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication." authorization: type: object properties: @@ -270,7 +328,24 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: 'Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All.' + description: "Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + operations: + type: array + items: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." resource: type: object properties: @@ -282,7 +357,7 @@ spec: enum: - literal - prefix - description: Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`. + description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`." type: type: string enum: @@ -290,7 +365,7 @@ spec: - group - cluster - transactionalId - description: Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`. + description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`." required: - type description: Indicates the resource for which given ACL rule applies. @@ -301,7 +376,6 @@ spec: - deny description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`. required: - - operation - resource description: List of ACL rules which should be applied to this user. type: @@ -323,7 +397,7 @@ spec: controllerMutationRate: type: number minimum: 0 - description: A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted. + description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted." producerByteRate: type: integer minimum: 0 @@ -345,11 +419,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. description: Template to specify how Kafka User `Secrets` are generated. @@ -364,13 +438,13 @@ spec: properties: type: type: string - description: The unique identifier of a condition, used to distinguish between other conditions in the resource. + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." status: type: string - description: The status of the condition, either True, False or Unknown. + description: "The status of the condition, either True, False or Unknown." lastTransitionTime: type: string - description: Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." reason: type: string description: The reason for the condition's last transition (a single word in CamelCase). @@ -408,7 +482,7 @@ spec: type: string - name: Ready description: The state of the custom resource - jsonPath: .status.conditions[?(@.type=="Ready")].status + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" type: string schema: openAPIV3Schema: @@ -420,15 +494,36 @@ spec: authentication: type: object properties: + password: + type: object + properties: + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Selects a key of a Secret in the resource's namespace. + description: Secret from which the password should be read. + required: + - valueFrom + description: "Specify the password for the user. If not set, a new password is generated by the User Operator." type: type: string enum: - tls + - tls-external - scram-sha-512 description: Authentication type. required: - type - description: Authentication mechanism enabled for this Kafka user. + description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n ACLs and quotas set for this user are configured in the `CN=` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `` format suitable for SASL authentication." authorization: type: object properties: @@ -454,7 +549,24 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: 'Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All.' + description: "Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + operations: + type: array + items: + type: string + enum: + - Read + - Write + - Create + - Delete + - Alter + - Describe + - ClusterAction + - AlterConfigs + - DescribeConfigs + - IdempotentWrite + - All + description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." resource: type: object properties: @@ -466,7 +578,7 @@ spec: enum: - literal - prefix - description: Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`. + description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`." type: type: string enum: @@ -474,7 +586,7 @@ spec: - group - cluster - transactionalId - description: Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`. + description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`." required: - type description: Indicates the resource for which given ACL rule applies. @@ -485,7 +597,6 @@ spec: - deny description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`. required: - - operation - resource description: List of ACL rules which should be applied to this user. type: @@ -507,7 +618,7 @@ spec: controllerMutationRate: type: number minimum: 0 - description: A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted. + description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted." producerByteRate: type: integer minimum: 0 @@ -529,11 +640,11 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true type: object - description: Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." annotations: x-kubernetes-preserve-unknown-fields: true type: object - description: Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`. + description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`." description: Metadata applied to the resource. description: Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated. description: Template to specify how Kafka User `Secrets` are generated. @@ -548,13 +659,13 @@ spec: properties: type: type: string - description: The unique identifier of a condition, used to distinguish between other conditions in the resource. + description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." status: type: string - description: The status of the condition, either True, False or Unknown. + description: "The status of the condition, either True, False or Unknown." lastTransitionTime: type: string - description: Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. + description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." reason: type: string description: The reason for the condition's last transition (a single word in CamelCase). diff --git a/controllers/cloud.redhat.com/suite_test.go b/controllers/cloud.redhat.com/suite_test.go index 5bb08c22c..0133d6531 100644 --- a/controllers/cloud.redhat.com/suite_test.go +++ b/controllers/cloud.redhat.com/suite_test.go @@ -438,7 +438,7 @@ func (suite *TestSuite) TestCreateClowdApp() { assert.NoError(suite.T(), err) - assert.Equal(suite.T(), d.Labels, labels, "deployment label mismatch") + assert.Equal(suite.T(), labels, d.Labels, "deployment label mismatch") antiAffinity := d.Spec.Template.Spec.Affinity.PodAntiAffinity terms := antiAffinity.PreferredDuringSchedulingIgnoredDuringExecution